redline | 4fedb0b25dc9687a013d419cbad46c7b12da234b598d9cddc7a12631ea2e0096 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4fedb0b25dc9687a013d419cbad46c7b12da234b598d9cddc7a12631ea2e0096
Size

187KB
Sample

230103-fd541sda3y
MD5

d7c522092dae53650c875d30e70ddb15
SHA1

3baa86e61ba52b3e054b421f9c02625ea249c887
SHA256

4fedb0b25dc9687a013d419cbad46c7b12da234b598d9cddc7a12631ea2e0096
SHA512

8c0bd3ab4dafec41a2bfa61e43ca9a5778b078320eb58de7e937d13ceaa90854e7bc22455be5f6c4b90b657d9e625788e6a7faa1226c2e866948f9789d1b9399
SSDEEP

3072:ZFRJLmeMvbQi5zz+zxfK7cMoOZRVDYNVV9A/b3ZhyF:XLSvcS+FPWDiVV9A/bri

Score

10^/10

redline smokeloader @zallllis backdoor infostealer spyware trojan

Malware Config

Extracted

Family

redline

Botnet

@zallllis

C2

45.15.157.136:7429

Attributes

auth_value
819f274cbc0e7c8d89e811e4a9877964

Targets

- Target
  
  4fedb0b25dc9687a013d419cbad46c7b12da234b598d9cddc7a12631ea2e0096
- Size
  
  187KB
- MD5
  
  d7c522092dae53650c875d30e70ddb15
- SHA1
  
  3baa86e61ba52b3e054b421f9c02625ea249c887
- SHA256
  
  4fedb0b25dc9687a013d419cbad46c7b12da234b598d9cddc7a12631ea2e0096
- SHA512
  
  8c0bd3ab4dafec41a2bfa61e43ca9a5778b078320eb58de7e937d13ceaa90854e7bc22455be5f6c4b90b657d9e625788e6a7faa1226c2e866948f9789d1b9399
- SSDEEP
  
  3072:ZFRJLmeMvbQi5zz+zxfK7cMoOZRVDYNVV9A/b3ZhyF:XLSvcS+FPWDiVV9A/bri
Score

10^/10

redline smokeloader @zallllis backdoor infostealer spyware trojan
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloader@zallllisbackdoorinfostealerspywaretrojan