General
Target: 82dedf05fd161e7d56714289a98939f0b9fa2e2788213b7099f087af6466fe96
Size: 240KB
Sample: 230923-gl2l8sfb29
MD5: 18c41b8e481b3981f3f384e0d7d50a6b
SHA1: ed9c4b94ff0ff6b3fc1f1bb3bb2afe21cb2b716f
SHA256: 82dedf05fd161e7d56714289a98939f0b9fa2e2788213b7099f087af6466fe96
SHA512: da725aa9403b02d01986f9c0ae1ae42d81320b10b4136ec726ad20f0abbc75b569f2c914c7a061995ea11017a3ccf8ce96418d647abd3fc5d61fa6ffca4e366a
SSDEEP: 6144:lB5frpxdonyq4zaG2u5AOIeKdzQzjLquqp:lXrp0/9u5GeK8HLquqp
Static task
static1
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
smokeloader
up3
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
- Detect Fabookie payload
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext