General
Target: tmp
Size: 185KB
Sample: 230619-eq62eabd27
MD5: f50c7021faf8880c50cb092669bccf9b
SHA1: 302d730bad4222d1748a863da3f8bf2368b88e65
SHA256: 14a81d39c1a2260f7dde336245ab276a3416319e8bea2740107f8da6b5baecc2
SHA512: 8544961a0ce6d2d2f6e2cd61b5d9be07cf23d3c1de0860008efc08ec7ed3594af21cfe575bf52aca1fcdda150c7a4fe3e2ea46c4bd8d9a6abaef0178d1be19d3
SSDEEP: 3072:MtaBjZDS2BKsgTnZOXefxHgndnmBT7bZTDhYqgxAnLY:MgBNDfBKbZOXepHg9mBX9XhY5
Static task: static1
Behavioral task: behavioral1 (sample tmp.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample tmp.exe, resource win10v2004-20230220-en)
Malware Config
Extracted: smokeloader
  summ
Extracted: smokeloader
  2022
  http://stalagmijesarl.com/
  http://ukdantist-sarl.com/
  http://cpcorprotationltd.com/
Extracted:
  http://45.81.224.130/any.exe
Extracted: systembc
  admex1955x.xyz:4044
  servx2785x.xyz:4044
Extracted: redline
  1
  213.239.213.187:17260
  auth_value: 6a4b05ef943a0dd801fd01dfbb9eb717
Targets
Target: tmp (185KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Possible privilege escalation attempt
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.