General
Target: c708c06ac006be2c5cf4391e70e1c253.bin
Size: 149KB
Sample: 230915-b5qfesba38
MD5: 94ea92c19106bf781d49fbf0065364ba
SHA1: e4d73ff7f63408bbf82fdead6d884dba1549d27d
SHA256: d15d43361e526465a90fd20ff15d50b37db02d6a5d0c037568eb745b5c0ce30d
SHA512: 826525bfd7eb05930c10c9753518f687bcdcee7e01679522194b738af1e2c410260d82036a3e5eaa97f79c27b05e400052807930800ee519af7defd031fb6165
SSDEEP: 3072:tbLRl4Sl5mwFpip1Y1xV4qwuhdtHNn5/KBej9Q/eYhRDgoYd3:tvRbmwFwpyr9RdN/KcKVAd
Static task: static1

Behavioral task: behavioral1
Sample: 77fcb3294002ee5ecfbd36825e19d038a4d7d213734758dae1fa731bfa2b1058.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 77fcb3294002ee5ecfbd36825e19d038a4d7d213734758dae1fa731bfa2b1058.exe
Resource: win10v2004-20230831-en
Malware Config

Extracted: smokeloader
  pub1

Extracted: smokeloader
  2022
  http://gudintas.at/tmp/
  http://pik96.ru/tmp/
  http://rosatiauto.com/tmp/
  http://kingpirate.ru/tmp/

Extracted: stealc
  1467882962796800663244393688
  http://85.209.11.51
  url_path: /fefb4a458e1dc58b.php
Targets

Target: 77fcb3294002ee5ecfbd36825e19d038a4d7d213734758dae1fa731bfa2b1058.bin
Size: 301KB
MD5: c708c06ac006be2c5cf4391e70e1c253
SHA1: 373018a482fe73923068acb59aec1a92df283481
SHA256: 77fcb3294002ee5ecfbd36825e19d038a4d7d213734758dae1fa731bfa2b1058
SHA512: 557c5764f2fb536597775f91a484843bdcee8ca14dc61b69795aa68c8d74dca9ea6b2aa9e2015c98d7dd8f17e1b3e95f6ebff35275eb51200317ad19e3881e9c
SSDEEP: 6144:KcFenSVdEdILeE783DJQmEQwVHn7hHLG:KhnqdcSCe7di
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Downloads MZ/PE file
Deletes itself
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext