Overview

overview

10

Static

static

3

9e4e8a3c08...d9.exe

windows7-x64

10

9e4e8a3c08...d9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e4e8a3c08c71e24a113731d9.exe

  • Size

    231KB

  • Sample

    230709-xyk31sgb5x

  • MD5

    c19ac7b048a92ef8e9355ce4425da10e

  • SHA1

    fc403c8d7df48b313bdd96fc6d1f93c98b905e38

  • SHA256

    9e4e8a3c08c71e24a113731d9b3c6221c79a0d82e9ab0b510e4240257b4d0eee

  • SHA512

    08f56cfe6f8ee4db7e946db3aa457de870d51f00ffe937b82f444b02edd39e51af30e4546e072e5f6aac99499cee0c74513f5e3ff41dc80777e3b454089eff49

  • SSDEEP

    3072:XpmfY5uwEh0SPwCgX+EEEEEEEcCz/T1dU9Pl1smVzKMEV5VelpSkQd:5j/EeS41KC/89Pl1nzmV5sp

Score
10/10
redlinesmokeloaderinstallssummbackdoorinfostealerspywaretrojan

Malware Config

Extracted

Family

smokeloader

Botnet

summ

Extracted

Family

smokeloader

Version

2022

C2

http://stalagmijesarl.com/

http://ukdantist-sarl.com/

http://cpcorprotationltd.com/
rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

installs

C2

45.9.74.117:15394

Attributes
  • auth_value

    1e9e371d6ad77e4f1df6c259f3a2f754

Targets

    • Target

      9e4e8a3c08c71e24a113731d9.exe

    • Size

      231KB

    • MD5

      c19ac7b048a92ef8e9355ce4425da10e

    • SHA1

      fc403c8d7df48b313bdd96fc6d1f93c98b905e38

    • SHA256

      9e4e8a3c08c71e24a113731d9b3c6221c79a0d82e9ab0b510e4240257b4d0eee

    • SHA512

      08f56cfe6f8ee4db7e946db3aa457de870d51f00ffe937b82f444b02edd39e51af30e4546e072e5f6aac99499cee0c74513f5e3ff41dc80777e3b454089eff49

    • SSDEEP

      3072:XpmfY5uwEh0SPwCgX+EEEEEEEcCz/T1dU9Pl1smVzKMEV5VelpSkQd:5j/EeS41KC/89Pl1nzmV5sp

    Score
    10/10
    smokeloadersummbackdoortrojanredlineinstallsinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks