Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb
Size

230KB
Sample

221226-lc1e2afh3z
MD5

db2733de17c0f4415fb9d0cd788c61f8
SHA1

4652463e2b22e0a1d9d18ede3b3a4145cdccfac9
SHA256

fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb
SHA512

023233c85bb326452a5b1824eb22b81ffc792f26acb14d0ed434aa8ddedbd9ff0aa54bbdbcbb179ab98ea3b8f01820a66d73b19d9631dd727ac300805ba1a234
SSDEEP

3072:N7tnLQGk5jcHEDcUvjCc+s1dRcyFxqKlS1g/tK8XlaLLrcSb54VIcVTuh:fL72dgkGc+sviax7tK81QbIr

Score

10^/10

redline smokeloader 11 backdoor infostealer spyware trojan

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb
- Size
  
  230KB
- MD5
  
  db2733de17c0f4415fb9d0cd788c61f8
- SHA1
  
  4652463e2b22e0a1d9d18ede3b3a4145cdccfac9
- SHA256
  
  fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb
- SHA512
  
  023233c85bb326452a5b1824eb22b81ffc792f26acb14d0ed434aa8ddedbd9ff0aa54bbdbcbb179ab98ea3b8f01820a66d73b19d9631dd727ac300805ba1a234
- SSDEEP
  
  3072:N7tnLQGk5jcHEDcUvjCc+s1dRcyFxqKlS1g/tK8XlaLLrcSb54VIcVTuh:fL72dgkGc+sviax7tK81QbIr
Score

10^/10

redline smokeloader 11 backdoor infostealer spyware trojan
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Scripting

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

redlinesmokeloader11backdoorinfostealerspywaretrojan