General
Target: 6b5788674568961860422191b3a23010
Size: 283KB
Sample: 230313-tdqafsba97
MD5: 6b5788674568961860422191b3a23010
SHA1: 5ae408ce2dbf46b553a8e89db5b311ca40af3466
SHA256: 3358510dd07f7a0f84f6b8ff788bf5fb661c2259ebff3696c964f928a166a58c
SHA512: 32b11c9d8cc82f3cca441bc6d437a26113b785e2e6358fc9512701a0f04a1ea5d1640a9188a66fa6de77ae9f80f09f3c499944ee563d6f2439af0b0ee2590ce9
SSDEEP: 3072:IR/M5lL68U8+CTnMvkHFaMLdH2cj+l3CjixKud+fYpS9BOS1FtTxvC:+ULotlvCaMLtPaldxdIwr6tT
Static task: static1
Behavioral task: behavioral1
  Sample: 6b5788674568961860422191b3a23010.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 6b5788674568961860422191b3a23010.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted (smokeloader):
  pub4
Extracted (smokeloader):
  2022
  http://vispik.at/tmp/
  http://ekcentric.com/tmp/
  http://hbeat.ru/tmp/
  http://mordo.ru/tmp/
Targets
Target: 6b5788674568961860422191b3a23010 (283KB; hashes as listed under General)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.