General
- Target: 7d60b5299c58aff32984e5d334bca65b96e7b3918060f5963c3ca85b0a3efca7
- Size: 240KB
- Sample: 230923-leyzzseb7v
- MD5: abfdbb65e1977ad1f2d7e43647b1ffdc
- SHA1: b26081670a87138d394da59c5b70cb40a846e995
- SHA256: 7d60b5299c58aff32984e5d334bca65b96e7b3918060f5963c3ca85b0a3efca7
- SHA512: 2647247f5ce9aa50e75cc0c3470ac16c66d270e0273635c8258e064c9472893be9082ffc4749883b0a2eda30715eaaa72b4f6f0c26a2bf2a84ff4173d6e2b1ed
- SSDEEP: 6144:eupwrphdIXyqIzqGG45AOneKGIC7Nmr+kquqp:eXrpkPN45NexIjrfquqp
Static task: static1

Malware Config
- Extracted: smokeloader
  2022
  http://77.91.68.29/fks/
- Extracted: fabookie
  http://app.nnnaajjjgc.com/check/safe
Targets
- Target: 7d60b5299c58aff32984e5d334bca65b96e7b3918060f5963c3ca85b0a3efca7
- Size: 240KB
- MD5: abfdbb65e1977ad1f2d7e43647b1ffdc
- SHA1: b26081670a87138d394da59c5b70cb40a846e995
- SHA256: 7d60b5299c58aff32984e5d334bca65b96e7b3918060f5963c3ca85b0a3efca7
- SHA512: 2647247f5ce9aa50e75cc0c3470ac16c66d270e0273635c8258e064c9472893be9082ffc4749883b0a2eda30715eaaa72b4f6f0c26a2bf2a84ff4173d6e2b1ed
- SSDEEP: 6144:eupwrphdIXyqIzqGG45AOneKGIC7Nmr+kquqp:eXrpkPN45NexIjrfquqp
- Detect Fabookie payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext