General
- Target: 9e4e8a3c08c71e24a113731d9.exe
- Size: 231KB
- Sample: 230709-xyk31sgb5x
- MD5: c19ac7b048a92ef8e9355ce4425da10e
- SHA1: fc403c8d7df48b313bdd96fc6d1f93c98b905e38
- SHA256: 9e4e8a3c08c71e24a113731d9b3c6221c79a0d82e9ab0b510e4240257b4d0eee
- SHA512: 08f56cfe6f8ee4db7e946db3aa457de870d51f00ffe937b82f444b02edd39e51af30e4546e072e5f6aac99499cee0c74513f5e3ff41dc80777e3b454089eff49
- SSDEEP: 3072:XpmfY5uwEh0SPwCgX+EEEEEEEcCz/T1dU9Pl1smVzKMEV5VelpSkQd:5j/EeS41KC/89Pl1nzmV5sp
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample 9e4e8a3c08c71e24a113731d9.exe, resource win7-20230703-en)
- Behavioral task: behavioral2 (sample 9e4e8a3c08c71e24a113731d9.exe, resource win10v2004-20230703-en)
Malware Config
- Extracted: smokeloader (summ)
- Extracted: smokeloader (2022)
  C2: http://stalagmijesarl.com/
  C2: http://ukdantist-sarl.com/
  C2: http://cpcorprotationltd.com/
- Extracted: redline (installs)
  C2: 45.9.74.117:15394
  auth_value: 1e9e371d6ad77e4f1df6c259f3a2f754
Targets
- Target: 9e4e8a3c08c71e24a113731d9.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext