redline | eacc00aeed09ec04d2d345242a9b2049cf7c434f8bb82bb9e2ab52ec699db495 | Triage

Submit
Reports

Overview

overview

Static

static

1

b2259d7d5d...5f.exe

windows7-x64

b2259d7d5d...5f.exe

windows10-2004-x64

Sharing

General

Target

b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f.zip
Size

139KB
Sample

230311-s6x1bsab98
MD5

9eb06fe5a8f86e2e5982da1aaaea2738
SHA1

2afb058fe3d98df96ce2b5481fd302fb33c1a1fe
SHA256

eacc00aeed09ec04d2d345242a9b2049cf7c434f8bb82bb9e2ab52ec699db495
SHA512

74ebb3e86b1464681e30282434a29f1d5e8e61a563d6a2c72262abee13168001f65cbb10cabe23aefe2f979e1f621b7449b3b6bcaf6d4bf3fbbb2c35a2f8ac0d
SSDEEP

3072:RORQ2xh8f5GrLNlI4toZ3EWTCy3aO8WWHK:RyQ2xi5CJ/oZ3E+LJ

Score

10^/10

redline smokeloader 2023 turbotax backdoor infostealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f.exe

Resource

win7-20230220-en

smokeloader 2023 backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f.exe

Resource

win10v2004-20230220-en

redline smokeloader 2023 turbotax backdoor infostealer trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

2023

Extracted

Family

smokeloader

Version

2022

C2

http://c3g6gx853u6j.xyz/

http://04yh16065cdi.xyz/

http://33qd2w560vnx.xyz/

http://neriir0f76gr.com/

http://b4y08hrp3jdb.com/

http://swp6fbywla09.com/

http://7iqt53dr345u.com/

http://mj4aj8r55mho.com/

http://ne4ym7bjn1ts.com/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

turbotax

C2

51.81.126.50:48524

Attributes

auth_value
36e2b25e3ea6225f65446005daffecc2

Targets

- Target
  
  b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f.exe
- Size
  
  214KB
- MD5
  
  011daebd8c6218cc56dfb0fbe639768c
- SHA1
  
  5489053e148ca9a3f357b4c3fab37d68b743aada
- SHA256
  
  b2259d7d5ddf3a60edaa2c0029bef3d639278866a8e0871cd9aa2cf6c7e8885f
- SHA512
  
  b3306f2f7aa94e0fe883a485f3b6ff4f63b2dfdab0f26f5cdd6f76a9a52382ebb855c9613ec7a31819a0131d59633b76b04b6477d9c5acbef9e755792dd676ec
- SSDEEP
  
  3072:JET7PLChpX1b50uYi9W51o5S0zCBtBclYXOTsb:+XLSN1NYi9W5zftcwb
Score

10^/10

smokeloader 2023 backdoor trojan redline turbotax infostealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

smokeloader2023backdoortrojan

behavioral2

redlinesmokeloader2023turbotaxbackdoorinfostealertrojanupx

© 2018-2024

Terms | Privacy