General
- Target: 9460e50d25eb0b50c6bc1f170a1e005de643ea89ca62bca6467bf7d0cdafd9ea
- Size: 240KB
- Sample: 230923-l25faaec5v
- MD5: 37ab3ecc854001b5e1bc4281f68b2d4f
- SHA1: 38e4fdb8ddf603a5ec05552f5acf9fe263471102
- SHA256: 9460e50d25eb0b50c6bc1f170a1e005de643ea89ca62bca6467bf7d0cdafd9ea
- SHA512: 1aa692c523fc621748035d176b6c360853d003f67753570872e72e15785c5298f80cabddead33224c86fd8cd7bd6a987da4c7d08023d93c5595957a22b52e342
- SSDEEP: 6144:IF5frpxdonyq4zaG2u5AObeKGjnySquqp:Irrp0/9u59eHzRquqp
Static task: static1
Behavioral task: behavioral1
Sample: 9460e50d25eb0b50c6bc1f170a1e005de643ea89ca62bca6467bf7d0cdafd9ea.exe
Resource: win10-20230915-en
Malware Config
Extracted: smokeloader
- 2022
- http://77.91.68.29/fks/
Extracted: fabookie
- http://app.nnnaajjjgc.com/check/safe
Targets
- Target: 9460e50d25eb0b50c6bc1f170a1e005de643ea89ca62bca6467bf7d0cdafd9ea
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext