General
- Target: a624270a83349d77d031118dee908f048faf72c358a7c7123dd7c95395a2a6e4
- Size: 240KB
- Sample: 230923-gcbz8ada4z
- MD5: c4467a94a5bdba8bae28e5f278793d0a
- SHA1: bb222964e84abfe5eba0867fb3c23402798af718
- SHA256: a624270a83349d77d031118dee908f048faf72c358a7c7123dd7c95395a2a6e4
- SHA512: bc548e697da2729c5feedf159a050091f6a8bc6764d518548c93e9aa090b9a2492863e26f8484429b142c68960101477266a7eb6b92df38f093671f570d571e8
- SSDEEP: 3072:aDCmE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujDBVwzKhyy/F:aw5frpxdonyq4zaG2u5AOZeKQydcquqp
Static task: static1
Malware Config
Extracted: smokeloader
- 2022
- http://77.91.68.29/fks/
Extracted: fabookie
- http://app.nnnaajjjgc.com/check/safe
Targets
- Target: a624270a83349d77d031118dee908f048faf72c358a7c7123dd7c95395a2a6e4
- Size: 240KB
- MD5: c4467a94a5bdba8bae28e5f278793d0a
- SHA1: bb222964e84abfe5eba0867fb3c23402798af718
- SHA256: a624270a83349d77d031118dee908f048faf72c358a7c7123dd7c95395a2a6e4
- SHA512: bc548e697da2729c5feedf159a050091f6a8bc6764d518548c93e9aa090b9a2492863e26f8484429b142c68960101477266a7eb6b92df38f093671f570d571e8
- SSDEEP: 3072:aDCmE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujDBVwzKhyy/F:aw5frpxdonyq4zaG2u5AOZeKQydcquqp
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext