General
- Target: 06549799.bin
- Size: 241KB
- Sample: 230618-m8fwyaeh74
- MD5: 7d726c8be35f9e9f010363c050ee86b3
- SHA1: 13d73cea5b8d05b338f347cdfc4088cc4f38fcac
- SHA256: b2c3517bb90933390df4eb01c6ba36f2a519a69b5bcee703f4889b8336cb7027
- SHA512: a99fd000bf852276d2722e7e75b9577dbac669a12c7db9e52965808aabc7710bfa3956de993f14154143db45ad124f4ed90255332171bb4df57c30707e0a042b
- SSDEEP: 3072:O98WPLTgdxkBH8ZQYTr6DQ6v+UT4i0JKIMuFes7P:XWzcdxkFhCwQC8bMuF
Static task: static1
Behavioral task: behavioral1
  Sample: 06549799.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 06549799.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: smokeloader
  summ
Extracted: smokeloader
  2022
  http://stalagmijesarl.com/
  http://ukdantist-sarl.com/
  http://cpcorprotationltd.com/
Extracted: redline
  Private CLOUD
  176.123.9.85:16482
  auth_value: cf18ee275aee7449ba89afcffb586f89
Extracted: systembc
  admex1955x.xyz:4044
  servx2785x.xyz:4044
Targets
- Target: 06549799.bin (241KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.