redline | 75f1b83365dc9f8867aae86d9b8234f544d0b193743bfb012d31a258652d2bc4 | Triage

Sharing

General

Target

75f1b83365dc9f8867aae86d9b8234f544d0b193743bfb012d31a258652d2bc4
Size

207KB
Sample

230903-1w1bpscf82
MD5

29f9c469d2695d3d90204fd2f7226efd
SHA1

4ec4b5892bbeac6e37e8c609b54648bf40a123bb
SHA256

75f1b83365dc9f8867aae86d9b8234f544d0b193743bfb012d31a258652d2bc4
SHA512

b29421b982a1801ecb957c2868c9987c187979258f16e3493f2456e8ffaa0cee78da4129aba2b2e726351ba807ec813eaa5a375b36c24f2035a6eb0cd503f7cc
SSDEEP

3072:rDVjvYR+L4xC/yx9J2pJgZwl36OkjfWVEEcoTyYR:fCR+L4CMqBN6Ok6VeM9

Score

10^/10

redline smokeloader installs summ backdoor infostealer trojan

Malware Config

Extracted

Family

smokeloader

Botnet

summ

Extracted

Family

smokeloader

Version

2022

C2

http://stalagmijesarl.com/

http://ukdantist-sarl.com/

http://cpcorprotationltd.com/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

installs

C2

162.55.189.218:26952

Attributes

auth_value
4bdfa4191a2826ff2af143a4691bab78

Targets

- Target
  
  75f1b83365dc9f8867aae86d9b8234f544d0b193743bfb012d31a258652d2bc4
- Size
  
  207KB
- MD5
  
  29f9c469d2695d3d90204fd2f7226efd
- SHA1
  
  4ec4b5892bbeac6e37e8c609b54648bf40a123bb
- SHA256
  
  75f1b83365dc9f8867aae86d9b8234f544d0b193743bfb012d31a258652d2bc4
- SHA512
  
  b29421b982a1801ecb957c2868c9987c187979258f16e3493f2456e8ffaa0cee78da4129aba2b2e726351ba807ec813eaa5a375b36c24f2035a6eb0cd503f7cc
- SSDEEP
  
  3072:rDVjvYR+L4xC/yx9J2pJgZwl36OkjfWVEEcoTyYR:fCR+L4CMqBN6Ok6VeM9
Score

10^/10

redline smokeloader installs summ backdoor infostealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloaderinstallssummbackdoorinfostealertrojan

behavioral2

redlinesmokeloaderinstallssummbackdoorinfostealertrojan