General
- Target: 60b0ca3c8f66017af40d5744b74e2e7cb5f71744f84b4a986d5d7f81778949c0
- Size: 240KB
- Sample: 230923-hcmmdsdd8z
- MD5: 7da18ce15307dd2a5d06381b415d3fe8
- SHA1: 3b57ee4aedbbcd9f5c223e4be759b712a9eba9c7
- SHA256: 60b0ca3c8f66017af40d5744b74e2e7cb5f71744f84b4a986d5d7f81778949c0
- SHA512: 3248290c44890c8be55e823592e88a66484c033d0f2b29cac1e4820997766e8023cdd2a78372d69cf2b700a6d2236a8a1e742b88e25d91a3133e585230e69bac
- SSDEEP: 6144:tA5frpxdonyq4zaG2u5AOkeKrabEsm2jquqp:terp0/9u5KeU5sZjquqp

Static task: static1
Malware Config
- Extracted: smokeloader
  2022
  http://77.91.68.29/fks/
- Extracted: fabookie
  http://app.nnnaajjjgc.com/check/safe
Targets
- Detect Fabookie payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext