General

Target: c55c92457d03edbc7ec6f2c1ed55ca5e79d66d5ee568beab370229cd278649b1_JC.exe
Size: 299KB
Sample: 230915-qqespseh29
MD5: 08f32f388b42aab675eea1bf2d60d770
SHA1: e53e062934952fa51c68a9400afa631880ccebe6
SHA256: c55c92457d03edbc7ec6f2c1ed55ca5e79d66d5ee568beab370229cd278649b1
SHA512: 82ebb2416b4980bd699c04233800469ac23ba68d5ba950cd91d1a950af699bbd847a883e1907527000cc7fb7d34e3dd00d8d4609fd3324964f7317a7116b5ba7
SSDEEP: 3072:W2CP+T3inIYGANRRZgJw8KmC1qr1NFCAoJGwMjLAAJgR3:GPKinIYXNRQ685RxIeJg
Static task: static1

Behavioral task: behavioral1
  Sample: c55c92457d03edbc7ec6f2c1ed55ca5e79d66d5ee568beab370229cd278649b1_JC.exe
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: c55c92457d03edbc7ec6f2c1ed55ca5e79d66d5ee568beab370229cd278649b1_JC.exe
  Resource: win10v2004-20230915-en
Malware Config

Extracted: smokeloader
  pub1

Extracted: smokeloader
  2022
  http://gudintas.at/tmp/
  http://pik96.ru/tmp/
  http://rosatiauto.com/tmp/
  http://kingpirate.ru/tmp/

Extracted: stealc
  http://85.209.11.51
  url_path: /fefb4a458e1dc58b.php
Targets

Target: c55c92457d03edbc7ec6f2c1ed55ca5e79d66d5ee568beab370229cd278649b1_JC.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext