General
-
Target
d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38
-
Size
253KB
-
Sample
230716-h8qnxsch46
-
MD5
d5b47e416d7a06febe582f4b00b65367
-
SHA1
ea205f12d9fdf13b884f22454de514496a0b3865
-
SHA256
d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38
-
SHA512
0ac7a9bec2d49457ba1f7d4c6de74ff41ce9132fc2cb141a713e23cdb5e4ab1a8e0a96ac27adaa8911e1ee08829bff4f4f541fb954f187ed2717e476377f1565
-
SSDEEP
3072:vKLEBiLgtH0uX2ETlYKfRpjojDPyucx5CKAwlg:iLE3NX2iSTfKucWKA
Static task
static1
Behavioral task
behavioral1
Sample
d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38.exe
Resource
win10-20230703-en
Malware Config
Extracted
smokeloader
summ
Extracted
smokeloader
2022
http://stalagmijesarl.com/
http://ukdantist-sarl.com/
http://cpcorprotationltd.com/
Extracted
redline
cc
94.228.169.160:43800
-
auth_value
ec4d19a9dd758ace38b4f5b4a447b048
Extracted
laplas
http://clipper.guru
-
api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e
Targets
-
-
Target
d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38
-
Size
253KB
-
MD5
d5b47e416d7a06febe582f4b00b65367
-
SHA1
ea205f12d9fdf13b884f22454de514496a0b3865
-
SHA256
d1c1436fcbdfc15595d95287aa8ca3d69f277a1677000fa30bbb519e4d305a38
-
SHA512
0ac7a9bec2d49457ba1f7d4c6de74ff41ce9132fc2cb141a713e23cdb5e4ab1a8e0a96ac27adaa8911e1ee08829bff4f4f541fb954f187ed2717e476377f1565
-
SSDEEP
3072:vKLEBiLgtH0uX2ETlYKfRpjojDPyucx5CKAwlg:iLE3NX2iSTfKucWKA
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-