redline | fa2c8289fb1a7c26774c74f39391df7a68c06f7b2e1aba9f722d8b30fcc5be97 | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

249KB
Sample

230319-2mm6fsce7y
MD5

88976fa95d5f638343755c86067550b6
SHA1

9d83f005173bd672087d2bd2be9a9533fa97ce75
SHA256

fa2c8289fb1a7c26774c74f39391df7a68c06f7b2e1aba9f722d8b30fcc5be97
SHA512

0e28cf7e3d8fa981bce1faf422a3f3eb6bd4313540236d50e8b0453bec5d976fa08c1fb5248789bbd2e2174de3d2f3d1c5f32248c3cccb7c4ff84c1b141fbed4
SSDEEP

3072:/DqCDXwLvmHW2oUb1rml9dhYx06u7SaM8HTKtzWvl53brYsejg:LDXwLvPLgRmDspWSaHFvYsd

Score

10^/10

redline smokeloader fronx2 pub4 backdoor discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230220-en

smokeloader pub4 backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230220-en

redline smokeloader fronx2 pub4 backdoor discovery infostealer spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

fronx2

C2

fronxtracking.com:80

Attributes

auth_value
0a4100df2644a6a6582137d2da2c8bd1

Targets

- Target
  
  file.exe
- Size
  
  249KB
- MD5
  
  88976fa95d5f638343755c86067550b6
- SHA1
  
  9d83f005173bd672087d2bd2be9a9533fa97ce75
- SHA256
  
  fa2c8289fb1a7c26774c74f39391df7a68c06f7b2e1aba9f722d8b30fcc5be97
- SHA512
  
  0e28cf7e3d8fa981bce1faf422a3f3eb6bd4313540236d50e8b0453bec5d976fa08c1fb5248789bbd2e2174de3d2f3d1c5f32248c3cccb7c4ff84c1b141fbed4
- SSDEEP
  
  3072:/DqCDXwLvmHW2oUb1rml9dhYx06u7SaM8HTKtzWvl53brYsejg:LDXwLvPLgRmDspWSaHFvYsd
Score

10^/10

smokeloader pub4 backdoor trojan redline fronx2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub4backdoortrojan

behavioral2

redlinesmokeloaderfronx2pub4backdoordiscoveryinfostealerspywarestealertrojan

© 2018-2025

Terms | Privacy