redline | d873af0624a07376d9f53d8400578812617b265982b3a8b909281a6f9c0fb5d0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d873af0624a07376d9f53d8400578812617b265982b3a8b909281a6f9c0fb5d0
Size

341KB
Sample

230104-awz3tsdd46
MD5

a24628e83dd08c59af1e375dff116aa4
SHA1

5a2cb96423aa17e4dcc29628cdb5f0efea7fe5bf
SHA256

d873af0624a07376d9f53d8400578812617b265982b3a8b909281a6f9c0fb5d0
SHA512

0beadd7546402eefaf05911c619221a318e6abebdae95e495074b7389cda117942b12747bfac1cd7e44e84ddde8a45c517b5c2741281ed6897e5363b9ad19d6e
SSDEEP

6144:+38LmkaqnSW3KbqMDDycAyjFvJEMbx5rb:68/adWaPDDPAyxfV5

Score

10^/10

redline smokeloader 5266507666_99 givememygun backdoor infostealer miner spyware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d873af0624a07376d9f53d8400578812617b265982b3a8b909281a6f9c0fb5d0.exe

Resource

win10v2004-20220812-en

redline smokeloader 5266507666_99 givememygun backdoor infostealer miner spyware trojan upx

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

5266507666_99

C2

spicymeat.top:3306

spicymeat.top:28786

Attributes

auth_value
524aee6876ac3dd21046e58cfcec533b

Extracted

Family

redline

Botnet

GIVEMEMYGUN

C2

193.233.49.83:3321

Attributes

auth_value
862b38f54d952bd9a16b1945a039305a

Targets

- Target
  
  d873af0624a07376d9f53d8400578812617b265982b3a8b909281a6f9c0fb5d0
- Size
  
  341KB
- MD5
  
  a24628e83dd08c59af1e375dff116aa4
- SHA1
  
  5a2cb96423aa17e4dcc29628cdb5f0efea7fe5bf
- SHA256
  
  d873af0624a07376d9f53d8400578812617b265982b3a8b909281a6f9c0fb5d0
- SHA512
  
  0beadd7546402eefaf05911c619221a318e6abebdae95e495074b7389cda117942b12747bfac1cd7e44e84ddde8a45c517b5c2741281ed6897e5363b9ad19d6e
- SSDEEP
  
  6144:+38LmkaqnSW3KbqMDDycAyjFvJEMbx5rb:68/adWaPDDPAyxfV5
Score

10^/10

redline smokeloader 5266507666_99 givememygun backdoor infostealer miner spyware trojan upx
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Detectes Phoenix Miner Payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Web Service

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloader5266507666_99givememygunbackdoorinfostealerminerspywaretrojanupx

© 2018-2025

Terms | Privacy