General
Target: c88f54545bde70cdfbec29360ac522cee2c53cdba2493f6b4568c5361fe5be69
Size: 251KB
Sample: 230817-lppjasgf87
MD5: c5f918dbae071ab6c337f67cde854daa
SHA1: 86d758d20f1bb5b38a746f1d99068b1ad3f2ac4d
SHA256: c88f54545bde70cdfbec29360ac522cee2c53cdba2493f6b4568c5361fe5be69
SHA512: c5c718dcdd54983099c57f2331c336e38dda627d9740c93d220f3226fb28d6c789a73f21b36ca5b66d41ee4127166eed28b036d1de3d328183c30a4c5b6071a8
SSDEEP: 3072:p5zLmaXCA6vq9n6dOx2XhR5fA0EWwsQ5gwFtbsiOi8+O+CDmTRch+sK:3zQ/+n6dOxgM0EH59Ft1Qb/i
Static task: static1
Behavioral task: behavioral1
  Sample: c88f54545bde70cdfbec29360ac522cee2c53cdba2493f6b4568c5361fe5be69.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
  Family: smokeloader
  Version: 2022
  C2:
    http://potunulit.org/
    http://hutnilior.net/
    http://bulimu55t.net/
    http://soryytlic4.net/
    http://novanosa5org.org/
    http://nuljjjnuli.org/
    http://tolilolihul.net/
    http://somatoka51hub.net/
    http://hujukui3.net/
    http://bukubuka1.net/
    http://golilopaster.org/
    http://newzelannd66.org/
    http://otriluyttn.org/
Extracted
  Family: redline
  Botnet: lux3
  C2: 176.123.9.142:14845
  Attributes:
    auth_value: e94dff9a76da90d6b000642c4a52574b
Extracted
  Family: redline
  C2: 38.181.25.43:3325
  Attributes:
    auth_value: 082cde17c5630749ecb0376734fe99c9
Extracted
  Family: redline
  Botnet: LogsDiller Cloud (TG: @logsdillabot)
  C2: 51.83.170.21:19447
  Attributes:
    auth_value: 3a050df92d0cf082b2cdaf87863616be
Extracted
  Family: smokeloader
  Botnet: up3
Extracted
  Family: smokeloader
  Botnet: summ
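The identifiers in this report (the file hashes above and the SmokeLoader / RedLine C2 addresses just listed) are only useful once they are turned into checks. The following is an added example, not part of the sandbox report or of any vendor tooling: it normalises the C2 list into lookup keys (hostname for the SmokeLoader URLs, exact ip:port for RedLine, since the same IP can serve unrelated traffic on other ports), decides sample identity on SHA-256 rather than MD5/SHA-1, and scans constructed proxy-style log lines for contact with the reported C2s. The log format and log lines are constructed for the example.

```python
"""Added example: IOC checks built from the identifiers in the report above.

Not part of the sandbox report or of any vendor tooling.  The log format and
the SAMPLE_LOG lines are constructed for this example.
"""
import hashlib
import re
from urllib.parse import urlparse

# Copied from the report.  Identity is decided on SHA-256; MD5 and SHA-1 are
# not collision resistant and are kept only to cross-reference feeds that
# still key on them.
REPORT_HASHES = {
    "md5": "c5f918dbae071ab6c337f67cde854daa",
    "sha1": "86d758d20f1bb5b38a746f1d99068b1ad3f2ac4d",
    "sha256": "c88f54545bde70cdfbec29360ac522cee2c53cdba2493f6b4568c5361fe5be69",
}
SMOKELOADER_C2 = [
    "http://potunulit.org/", "http://hutnilior.net/", "http://bulimu55t.net/",
    "http://soryytlic4.net/", "http://novanosa5org.org/", "http://nuljjjnuli.org/",
    "http://tolilolihul.net/", "http://somatoka51hub.net/", "http://hujukui3.net/",
    "http://bukubuka1.net/", "http://golilopaster.org/", "http://newzelannd66.org/",
    "http://otriluyttn.org/",
]
REDLINE_C2 = ["176.123.9.142:14845", "38.181.25.43:3325", "51.83.170.21:19447"]


def digests(data: bytes) -> dict:
    """Hex digests of a byte string, same algorithms as the report."""
    return {a: hashlib.new(a, data).hexdigest() for a in REPORT_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests() but streamed, so large files are not read into memory."""
    hashers = {a: hashlib.new(a) for a in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def is_reported_sample(found: dict, reported: dict = REPORT_HASHES) -> bool:
    """True only on a SHA-256 match; an MD5/SHA-1 match alone is not trusted."""
    return found["sha256"].lower() == reported["sha256"]


def build_indicators() -> dict:
    """Normalise the C2 list into lookup key -> family.

    SmokeLoader C2s are matched on hostname (the reported URLs carry no path
    beyond '/'); RedLine C2s on the exact ip:port pair, because the same IP
    may host unrelated services on other ports."""
    iocs = {}
    for url in SMOKELOADER_C2:
        iocs[urlparse(url).hostname.lower()] = "smokeloader"
    for sock in REDLINE_C2:
        iocs[sock] = "redline"
    return iocs


INDICATORS = build_indicators()

# Destination tokens pulled out of a log line: a URL, a dotted-quad ip:port,
# or a dotted hostname:port.  The host part must contain a dot so that
# timestamps such as 12:00:01 are not mistaken for sockets.
_DEST_RE = re.compile(
    r"(?P<url>https?://[^\s\"']+)"
    r"|(?P<sock>\b(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}\b"
    r"|\b[a-z0-9-]+(?:\.[a-z0-9-]+)+:\d{1,5}\b)",
    re.IGNORECASE,
)


def destinations(line: str):
    """Yield (hostname, 'host:port' or None) for each destination in a line."""
    for m in _DEST_RE.finditer(line):
        if m.group("url"):
            p = urlparse(m.group("url"))  # .hostname is already lower-cased
            if not p.hostname:
                continue
            yield p.hostname, (f"{p.hostname}:{p.port}" if p.port else None)
        else:
            host, port = m.group("sock").rsplit(":", 1)
            yield host.lower(), f"{host.lower()}:{port}"


def scan_log(lines, indicators: dict = INDICATORS) -> list:
    """One hit per matching destination: line number, indicator, family."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host, sock in destinations(line):
            for key in (sock, host):  # exact socket first, then bare host
                if key and key in indicators:
                    hits.append({"line": n, "indicator": key, "family": indicators[key]})
                    break
    return hits


# Constructed proxy-style lines: "<ts> <client> <method> <destination> <status>".
SAMPLE_LOG = [
    "2023-08-17T12:00:01Z 10.0.0.5 GET http://potunulit.org/ 200",
    "2023-08-17T12:00:02Z 10.0.0.5 CONNECT 176.123.9.142:14845 200",
    "2023-08-17T12:00:03Z 10.0.0.7 GET https://www.example.com/index.html 200",
    "2023-08-17T12:00:04Z 10.0.0.7 CONNECT 176.123.9.142:443 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['family']} C2 {hit['indicator']}")
    print("b'abc' is the reported sample:", is_reported_sample(digests(b"abc")))
```

Run against real data, `digest_file(path)` replaces `digests(b"abc")` and the proxy or netflow export replaces `SAMPLE_LOG`. Note that the fourth constructed line (the RedLine IP on port 443) deliberately does not fire: the report gives a specific port for each RedLine C2, and matching a shared IP on any port is how such blocklists generate false positives.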
Targets
Target: c88f54545bde70cdfbec29360ac522cee2c53cdba2493f6b4568c5361fe5be69
Size: 251KB
Hashes: identical to the MD5, SHA1, SHA256, SHA512 and SSDEEP values listed under General above
Signatures:
- Detected Djvu ransomware
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies file permissions
- Uses the VBS compiler for execution
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.