General

Target: 042f6e8dc83d7909446de11c207066d4eb4af43fba4466c420290e1db8bafc6a
Size: 353KB
Sample: 230420-wv7xyade4t
MD5: ef32c511b51986489300ce02f1a90acc
SHA1: a97a5b1cd55c522e8762352faf57afb75241a20d
SHA256: 042f6e8dc83d7909446de11c207066d4eb4af43fba4466c420290e1db8bafc6a
SHA512: 62d90f8abe37ec3ccc9417c8180fd27d5383923c8433c3f5965d48307926604881b64e6c8952d636c90d5b352c45ea1246973b65f55b8df7c77fd6040d830e64
SSDEEP: 3072:ohHPbVQvHSKM96FGGQkiHA6rcsup1xC9LBklMAbb7N+WXalhLcOdjiqVSV/hrjpW:oJPMSh9y5QHAwmNlMo77aTX+T/gTa
Static task: static1
Behavioral task: behavioral1
Sample: 042f6e8dc83d7909446de11c207066d4eb4af43fba4466c420290e1db8bafc6a.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: smokeloader
Botnet: sprg

Extracted: smokeloader
Version: 2022
C2:
http://hoh0aeghwugh2gie.com/
http://hie7doodohpae4na.com/
http://aek0aicifaloh1yo.com/
http://yic0oosaeiy7ahng.com/
http://wa5zu7sekai8xeih.com/

Extracted: redline
Botnet: 5631065866_99
C2: dragrun.top:28786
auth_value: 8e0a1c9a030cc4c326c224fdeb62adbc
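The extracted configuration above is what a defender actually reuses from a report like this: the sample hashes for file matching and the C2 hostnames and host:port for network matching. The following is an added example, not part of the original report or of the sandbox's own tooling. It copies the indicators listed above into a small matcher and runs them over constructed DNS, proxy and firewall log lines; the log lines and the dummy file bytes are made up for the demonstration, only the indicators come from the report.

```python
"""Indicator matcher built from the hashes and C2 indicators in the report.

Added example, not from the original report. Indicators are copied from the
report; the log lines and file bytes used below are constructed for the demo.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "ef32c511b51986489300ce02f1a90acc",
    "sha1": "a97a5b1cd55c522e8762352faf57afb75241a20d",
    "sha256": "042f6e8dc83d7909446de11c207066d4eb4af43fba4466c420290e1db8bafc6a",
}
SMOKELOADER_C2_URLS = [
    "http://hoh0aeghwugh2gie.com/",
    "http://hie7doodohpae4na.com/",
    "http://aek0aicifaloh1yo.com/",
    "http://yic0oosaeiy7ahng.com/",
    "http://wa5zu7sekai8xeih.com/",
]
REDLINE_C2 = "dragrun.top:28786"


def build_host_indicators():
    """Map lowercase hostname -> (family, expected port or None)."""
    indicators = {}
    for url in SMOKELOADER_C2_URLS:
        indicators[urlparse(url).hostname.lower()] = ("smokeloader", None)
    host, _, port = REDLINE_C2.partition(":")
    indicators[host.lower()] = ("redline", int(port))
    return indicators


def digest_bytes(data):
    """Compute the same digest set the report lists (md5/sha1/sha256)."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def match_known_hashes(digests):
    """Return the digest names whose value equals the report's sample hash."""
    return sorted(name for name, value in digests.items()
                  if SAMPLE_HASHES.get(name) == value.lower())


# Pulls host[:port] tokens out of free-form log lines. Bare IPv4 addresses are
# skipped because the last label must be alphabetic.
HOST_TOKEN = re.compile(r"\b([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?::(\d{1,5}))?")


def scan_log_lines(lines):
    """Return (line_no, host, family, port_matched) for every C2 hit.

    A SmokeLoader hit is any contact with one of the C2 domains. For the
    RedLine indicator the port is also compared, so a connection to the host
    on a different port is still reported but flagged port_matched=False.
    """
    indicators = build_host_indicators()
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for host, port in HOST_TOKEN.findall(line):
            host = host.lower().rstrip(".")
            if host not in indicators:
                continue
            family, expected_port = indicators[host]
            port_matched = expected_port is None or (port != "" and int(port) == expected_port)
            hits.append((line_no, host, family, port_matched))
    return hits


# Constructed log lines (not from the report) in three common shapes.
SAMPLE_LOG_LINES = [
    "2023-04-20T13:01:05Z dns client=10.0.0.17 query=hie7doodohpae4na.com type=A",
    "2023-04-20T13:01:06Z proxy client=10.0.0.17 GET http://hie7doodohpae4na.com/ 200",
    "2023-04-20T13:01:09Z fw client=10.0.0.17 dst=dragrun.top:28786 proto=tcp allow",
    "2023-04-20T13:01:30Z fw client=10.0.0.17 dst=dragrun.top:443 proto=tcp allow",
    "2023-04-20T13:02:00Z dns client=10.0.0.22 query=example.com type=A",
]

if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG_LINES):
        print(hit)
    # Dummy bytes, not the sample: no digest should match.
    print(match_known_hashes(digest_bytes(b"not the real sample")))
```

Matching on hostnames rather than the full URLs is deliberate: SmokeLoader beacons to the root of each domain, and proxy logs often truncate or rewrite paths, so the domain is the stable part of the indicator. The SSDEEP hash in the report is not used here because fuzzy-hash comparison needs the ssdeep library; exact digests are enough for a first pass.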
Targets

Target: 042f6e8dc83d7909446de11c207066d4eb4af43fba4466c420290e1db8bafc6a
Size: 353KB
RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
Downloads MZ/PE file
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext