General
Target: 31b1fb423d3a3b65e6df0a5bb5e7b26e.bin
Size: 148KB
Sample: 230915-bh97baah23
MD5: 3902dfa977d09d92a58209373bac1b52
SHA1: 43d929e43efeaf1bdff873c3664d72692c2683b9
SHA256: 588ebf6295afef0d5e3196e90e9ea6df977f288def7e2308151ac6d36fbcbb02
SHA512: 818e73492bf5169b53db5812370cfc7392a1628f84a8cf2617c15b53c61d85895ca1f782b3044d28de1ca289fdc7dc65593baa99e35e5cccd213ac79bf037bf8
SSDEEP: 3072:vmLUD+ovJs6A7y21ex4tFXLwr7UbyU+K+YXXfxnpqAikNw35b72jTICPW:+q1W7NeAXsEWUV7fRA52w35X2jPW

Static task: static1

Behavioral task: behavioral1
Sample: 4201248030180127dc4299a4dbcc6cde35beaafbefd9a25ffb3093d3e35f5dc2.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 4201248030180127dc4299a4dbcc6cde35beaafbefd9a25ffb3093d3e35f5dc2.exe
Resource: win10v2004-20230831-en

Malware Config
Extracted: smokeloader
  pub1

Extracted: smokeloader
  2022
  http://gudintas.at/tmp/
  http://pik96.ru/tmp/
  http://rosatiauto.com/tmp/
  http://kingpirate.ru/tmp/

Extracted: stealc
  1467882962796800663244393688
  http://85.209.11.51
  url_path: /fefb4a458e1dc58b.php

Targets
Target: 4201248030180127dc4299a4dbcc6cde35beaafbefd9a25ffb3093d3e35f5dc2.bin
Size: 301KB
MD5: 31b1fb423d3a3b65e6df0a5bb5e7b26e
SHA1: 3cb7b522415c3ee912c3086068b34602b63ec909
SHA256: 4201248030180127dc4299a4dbcc6cde35beaafbefd9a25ffb3093d3e35f5dc2
SHA512: b96b8329565fcf4baf390730a734fc41ee0b2f9926d806d05031fae4a649664d5d4c392025abc4d40ba7e383d6ee3bfe55c6d062ebdfb895c91d4fc86e59bb1b
SSDEEP: 3072:gXrBniTRheshgU869bFVwuzl4IdS4wQQxS3pduERe+InC3:kxajeshgUt9bLjpZYQQx+6n

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext