General
-
Target
b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f.zip
-
Size
139KB
-
Sample
230311-s6x1bsab98
-
MD5
9eb06fe5a8f86e2e5982da1aaaea2738
-
SHA1
2afb058fe3d98df96ce2b5481fd302fb33c1a1fe
-
SHA256
eacc00aeed09ec04d2d345242a9b2049cf7c434f8bb82bb9e2ab52ec699db495
-
SHA512
74ebb3e86b1464681e30282434a29f1d5e8e61a563d6a2c72262abee13168001f65cbb10cabe23aefe2f979e1f621b7449b3b6bcaf6d4bf3fbbb2c35a2f8ac0d
-
SSDEEP
3072:RORQ2xh8f5GrLNlI4toZ3EWTCy3aO8WWHK:RyQ2xi5CJ/oZ3E+LJ
Static task
static1
Behavioral task
behavioral1
Sample
b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
smokeloader
2023
Extracted
smokeloader
2022
http://c3g6gx853u6j.xyz/
http://04yh16065cdi.xyz/
http://33qd2w560vnx.xyz/
http://neriir0f76gr.com/
http://b4y08hrp3jdb.com/
http://swp6fbywla09.com/
http://7iqt53dr345u.com/
http://mj4aj8r55mho.com/
http://ne4ym7bjn1ts.com/
Extracted
redline
turbotax
51.81.126.50:48524
-
auth_value
36e2b25e3ea6225f65446005daffecc2
Targets
-
-
Target
b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f.exe
-
Size
214KB
-
MD5
011daebd8c6218cc56dfb0fbe639768c
-
SHA1
5489053e148ca9a3f357b4c3fab37d68b743aada
-
SHA256
b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f
-
SHA512
b3306f2f7aa94e0fe883a485f3b6ff4f63b2dfdab0f26f5cdd6f76a9a52382ebb855c9613ec7a31819a0131d59633b76b04b6477d9c5acbef9e755792dd676ec
-
SSDEEP
3072:JET7PLChpX1b50uYi9W51o5S0zCBtBclYXOTsb:+XLSN1NYi9W5zftcwb
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-