General
Target: 1ddbdbe4b87d2c0991ecc6013c86763e9cbf1c101ce73e5968c96aef26dedde1
Size: 240KB
Sample: 230923-hm7ejsfe56
MD5: 8f277c6fab1644a6ccbc1e99ef6ca053
SHA1: 103b6c2734e9a250804b370c3cd4ad5c8040b6a6
SHA256: 1ddbdbe4b87d2c0991ecc6013c86763e9cbf1c101ce73e5968c96aef26dedde1
SHA512: cb4c86558b3df70b1ac567c200233e3c14a7a672b3c7ce417fba11ea7f703a16c1dffbb4a81d212d0ae50dc839ff6319320f6c7cfe9c107031706e84bfeb1b8b
SSDEEP: 6144:aT5frpxdonyq4zaG2u5AOZeKe3taTqnquqp:atrp0/9u5zeRGqnquqp

Static task: static1

Malware Config
Extracted: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/
Extracted: fabookie
C2: http://app.nnnaajjjgc.com/check/safe
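Before acting on a report like this, a practitioner wants two things: proof that the file in hand is the file the sandbox analysed, and the extracted C2 URLs in a form that can be fed to a proxy or firewall blocklist. The script below is an added example, not part of the report or of any sandbox's code. The digests and URLs are copied from the General and Malware Config sections above; the bytes used in its self-test are constructed and are not the sample.

```python
"""Check a file on disk against the hashes this report records, and turn the
extracted C2 URLs into blocklist-ready network indicators.

Added example, not part of the report or of any sandbox's code. The hash values
and URLs are copied from the report above; the bytes used in the self-test at
the bottom are constructed and are not the sample.
"""
import hashlib
import sys
from urllib.parse import urlsplit

# Digests as published in the report (General section) for the 240KB sample.
REPORTED_HASHES = {
    "md5": "8f277c6fab1644a6ccbc1e99ef6ca053",
    "sha1": "103b6c2734e9a250804b370c3cd4ad5c8040b6a6",
    "sha256": "1ddbdbe4b87d2c0991ecc6013c86763e9cbf1c101ce73e5968c96aef26dedde1",
    "sha512": "cb4c86558b3df70b1ac567c200233e3c14a7a672b3c7ce417fba11ea7f703a16c1dffbb4a81d212d0ae50dc839ff6319320f6c7cfe9c107031706e84bfeb1b8b",
}

# C2 URLs from the "Malware Config" section, keyed by the family the sandbox
# attributed each one to.
EXTRACTED_C2 = {
    "smokeloader": ["http://77.91.68.29/fks/"],
    "fabookie": ["http://app.nnnaajjjgc.com/check/safe"],
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists in a single pass over the data."""
    digests = {name: hashlib.new(name) for name in REPORTED_HASHES}
    for h in digests.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in digests.items()}


def verify_sample(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """Return {algorithm: matched} for each recorded digest.

    All True means the bytes are the sample this report describes. All False
    means a different file. A mixed result cannot come from the same bytes, so
    it points at a transcription error in whichever hash disagrees.
    """
    actual = hash_bytes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def network_iocs(c2: dict = EXTRACTED_C2) -> list:
    """Flatten the extracted URLs into (family, scheme, host, port, path) rows.

    The port is made explicit so proxy or firewall rules can be generated
    without re-parsing the URL downstream.
    """
    rows = []
    for family, urls in c2.items():
        for url in urls:
            parts = urlsplit(url)
            port = parts.port or (443 if parts.scheme == "https" else 80)
            rows.append((family, parts.scheme, parts.hostname, port, parts.path))
    return rows


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>
    # Without an argument, run against constructed bytes that are not the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"MZ" + b"\0" * 62
    for algo, ok in verify_sample(data).items():
        print(f"{algo:6} {'match' if ok else 'MISMATCH'}")
    for row in network_iocs():
        print("%-12s %s://%s:%d%s" % row)
```

A partial match (say, MD5 and SHA1 agree but SHA256 does not) is worth stopping on: the same bytes cannot produce it, so one of the copied values is wrong and the rest of the report should be re-checked against the sandbox page before any indicator is pushed out.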
Targets
Target: 1ddbdbe4b87d2c0991ecc6013c86763e9cbf1c101ce73e5968c96aef26dedde1
Size: 240KB
MD5: 8f277c6fab1644a6ccbc1e99ef6ca053
SHA1: 103b6c2734e9a250804b370c3cd4ad5c8040b6a6
SHA256: 1ddbdbe4b87d2c0991ecc6013c86763e9cbf1c101ce73e5968c96aef26dedde1
SHA512: cb4c86558b3df70b1ac567c200233e3c14a7a672b3c7ce417fba11ea7f703a16c1dffbb4a81d212d0ae50dc839ff6319320f6c7cfe9c107031706e84bfeb1b8b
SSDEEP: 6144:aT5frpxdonyq4zaG2u5AOZeKe3taTqnquqp:atrp0/9u5zeRGqnquqp

Signatures
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
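Several of the behavioural signatures above are simple pattern matches over the sandbox's event stream: a registry read under the Geo key for the location check, an enumeration of the Uninstall key for installed software, an HTTP response body beginning with "MZ" for the PE download, and a process started from a path the sample itself wrote for the dropped EXE. The script below re-derives those four from a constructed event log. It is an added example, not part of the report and not the sandbox vendor's rule set: the events are made up, the signature names are the ones the report lists, the registry paths are the well-known locations for those settings, and the matching logic is an approximation of what such rules check, not the vendor's implementation.

```python
"""Re-derive four of the behavioural signatures listed above from a sandbox
event stream.

Added example, not part of the report and not the sandbox's own rule set. The
events below are constructed; the signature names are the ones the report
lists; the registry locations are the well-known ones (the GeoID under
Control Panel\\International\\Geo, and the Uninstall key that holds installed
software entries). The matching logic is an approximation of what such rules
look for, not the vendor's implementation.
"""
import re

# Constructed sandbox events, in order. pid 1200 is the initial loader, 1344 a
# child it drops and starts. None of this is recorded in the report.
EVENTS = [
    {"pid": 1200, "type": "reg_query",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1200, "type": "reg_enum",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1200, "type": "file_write",
     "path": r"C:\Users\user\AppData\Local\Temp\sbj.exe", "head": b"MZ\x90\x00"},
    {"pid": 1200, "type": "process_create",
     "image": r"C:\Users\user\AppData\Local\Temp\sbj.exe", "child_pid": 1344},
    {"pid": 1344, "type": "reg_query",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"pid": 1344, "type": "http_response",
     "url": "http://77.91.68.29/fks/", "head": b"MZ\x90\x00"},
]

# Registry locations the two "Checks ..." signatures key on. Case-insensitive,
# and the Uninstall pattern also accepts the 32-bit-on-64-bit view.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.I)
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.I)


def match_signatures(events: list) -> dict:
    """Return {signature name: sorted pids that triggered it}.

    Three rules are stateless checks on a single event; "Executes dropped EXE"
    is stateful, since it has to correlate a file written earlier with a
    process started from that path later.
    """
    hits: dict = {}
    dropped: dict = {}  # lower-cased path -> pid that wrote an MZ file there

    def hit(name: str, pid: int) -> None:
        hits.setdefault(name, set()).add(pid)

    for ev in events:
        kind = ev["type"]
        if kind in ("reg_query", "reg_enum") and GEO_KEY.search(ev["path"]):
            hit("Checks computer location settings", ev["pid"])
        elif kind in ("reg_query", "reg_enum") and UNINSTALL_KEY.search(ev["path"]):
            hit("Checks installed software on the system", ev["pid"])
        elif kind == "file_write" and ev.get("head", b"")[:2] == b"MZ":
            dropped[ev["path"].lower()] = ev["pid"]
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hit("Executes dropped EXE", ev["pid"])
        elif kind == "http_response" and ev.get("head", b"")[:2] == b"MZ":
            hit("Downloads MZ/PE file", ev["pid"])
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in match_signatures(EVENTS).items():
        print(f"{name}: pids {pids}")
```

Reading the registry for the Run key, as the child does here, triggers none of these rules, which is the point of keeping each rule narrow: the location and Uninstall checks fire on specific keys that ordinary software rarely touches during a short run, while the dropped-EXE rule only fires when the same analysis saw the file being written with an MZ header first.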