General
- Target: 85d638b1e8c447f509943469771d840bac74699b6d446f80f7810b5a83ede83c
- Size: 240KB
- Sample: 230923-g3w33sfc69
- MD5: 1d422cc9740be481023ed9252da27563
- SHA1: 7fefc92e1762875eb96762d8cacb43dd07555241
- SHA256: 85d638b1e8c447f509943469771d840bac74699b6d446f80f7810b5a83ede83c
- SHA512: 9953a3ab96267bcb7241c454ffaa6dedd4e8daa82e68e779b39c68fcd3a4ac02f12c103ce23cf227ec7dc07dd6d1ca0fd17ded615363a18405193a38a3cac2f8
- SSDEEP: 6144:Vf5frpxdonyq4zaG2u5AOUeK8OP1LHsMRmquqp:VJrp0/9u56erO4quqp
Static task: static1
Malware Config
Extracted: smokeloader
2022
http://77.91.68.29/fks/
Extracted: smokeloader
up3
Extracted: fabookie
http://app.nnnaajjjgc.com/check/safe
Extracted: smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
- Target: 85d638b1e8c447f509943469771d840bac74699b6d446f80f7810b5a83ede83c
- Size: 240KB
- MD5: 1d422cc9740be481023ed9252da27563
- SHA1: 7fefc92e1762875eb96762d8cacb43dd07555241
- SHA256: 85d638b1e8c447f509943469771d840bac74699b6d446f80f7810b5a83ede83c
- SHA512: 9953a3ab96267bcb7241c454ffaa6dedd4e8daa82e68e779b39c68fcd3a4ac02f12c103ce23cf227ec7dc07dd6d1ca0fd17ded615363a18405193a38a3cac2f8
- SSDEEP: 6144:Vf5frpxdonyq4zaG2u5AOUeK8OP1LHsMRmquqp:VJrp0/9u56erO4quqp
- Detect Fabookie payload
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext