General
Target: 02e4cfb01cc116b2058fe26b0b9a36b1334efc819ed271df9083297d1ffb63a6
Size: 240KB
Sample: 230923-lwl2raec4v
MD5: 9b21483b560373a66049970394acf74f
SHA1: 15538438440cde7700ea44aa2418d5f96919d178
SHA256: 02e4cfb01cc116b2058fe26b0b9a36b1334efc819ed271df9083297d1ffb63a6
SHA512: 8a3ad2b4cb632a56a8558633a258f3068bd4f8e81e7d0f956ccc85295652241477b76635ba43c247d6ccbc4cfdc2436024349ce389be5c7f696f543008a5e7fc
SSDEEP: 3072:gZIDE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujD3VwzKmhgA2:g15frpxdonyq4zaG2u5AOPeKm/8Yquqp
Static task: static1
Malware Config
Extracted: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/
Extracted: fabookie
  C2: http://app.nnnaajjjgc.com/check/safe
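The hashes and the two extracted C2 URLs above are the report's actionable indicators. The following is an added example, not part of the sandbox report, showing how a responder would sweep them across proxy and file-hash telemetry; the log line formats, hostnames and client addresses are constructed for illustration, while the digests and URLs are copied from the report.

```python
"""Match the IOCs extracted in this report against local telemetry.

Added example, not part of the sandbox report. The hashes and C2 URLs below are
copied from the report; the proxy and file-hash log lines are constructed for
illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# File hashes of the analysed sample (from the report).
IOC_HASHES = {
    "md5": "9b21483b560373a66049970394acf74f",
    "sha1": "15538438440cde7700ea44aa2418d5f96919d178",
    "sha256": "02e4cfb01cc116b2058fe26b0b9a36b1334efc819ed271df9083297d1ffb63a6",
}
# C2 URLs from the extracted configs, keyed by family (from the report).
IOC_C2 = {
    "smokeloader": "http://77.91.68.29/fks/",
    "fabookie": "http://app.nnnaajjjgc.com/check/safe",
}


def c2_hosts() -> dict:
    """Host part of each C2 URL -> family. Matching on the host also catches the
    SmokeLoader C2 when the bot requests a different URI under /fks/."""
    return {urlsplit(url).hostname: family for family, url in IOC_C2.items()}


def hash_bytes(data: bytes) -> dict:
    """Compute the same three digests the report lists for a file's contents."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def match_hashes(observed: dict) -> set:
    """Return the algorithms on which observed digests equal the sample's."""
    return {alg for alg, digest in IOC_HASHES.items()
            if observed.get(alg, "").lower() == digest}


# Constructed proxy log format: "<ts> <client> <method> <url> <status>".
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def scan_proxy_log(lines) -> list:
    """Return (timestamp, client, family, url, exact) for each line whose host is
    a known C2; exact is True when the full URL equals the extracted one."""
    hosts = c2_hosts()
    hits = []
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole sweep
        host = urlsplit(m["url"]).hostname
        if host in hosts:
            hits.append((m["ts"], m["src"], hosts[host], m["url"],
                         m["url"] in IOC_C2.values()))
    return hits


def scan_hash_log(lines) -> list:
    """Constructed EDR file-hash log: "<ts> <host> path=<path> <alg>=<hex> ...".
    Return (timestamp, host, path, matched_algorithms) for known-bad files."""
    hits = []
    for line in lines:
        parts = line.strip().split()
        if len(parts) < 3:
            continue
        ts, host = parts[0], parts[1]
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        matched = match_hashes(fields)
        if matched:
            hits.append((ts, host, fields.get("path", ""), sorted(matched)))
    return hits


SAMPLE_PROXY_LOG = [  # constructed
    "2023-09-23T10:01:02Z 10.0.0.12 POST http://77.91.68.29/fks/ 200",
    "2023-09-23T10:01:05Z 10.0.0.12 GET http://77.91.68.29/fks/index.php 200",
    "2023-09-23T10:01:09Z 10.0.0.12 GET http://app.nnnaajjjgc.com/check/safe 200",
    "2023-09-23T10:02:00Z 10.0.0.30 GET http://example.com/index.html 200",
]
SAMPLE_HASH_LOG = [  # constructed; paths contain no spaces
    "2023-09-23T10:00:55Z WS-012 path=C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe "
    "sha256=02e4cfb01cc116b2058fe26b0b9a36b1334efc819ed271df9083297d1ffb63a6",
    "2023-09-23T10:00:58Z WS-030 path=C:\\Windows\\System32\\notepad.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("C2 contact:", hit)
    for hit in scan_hash_log(SAMPLE_HASH_LOG):
        print("Known-bad file:", hit)
```

Host-level matching is deliberate: a SmokeLoader bot's request path under the C2 host varies per request, so an exact-URL rule would miss most check-ins, while the `exact` flag still tells the analyst which hits reproduce the URL the config extractor recovered.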
Targets
Target: 02e4cfb01cc116b2058fe26b0b9a36b1334efc819ed271df9083297d1ffb63a6
Size: 240KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample may change behaviour or exit depending on the configured country).
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution: the signature refers to vbc.exe, the signed .NET Visual Basic compiler, launched as a host process for the payload; being a trusted Microsoft binary makes it a common injection target.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: rewriting the context of a (typically suspended) thread is the usual final step of process hollowing, redirecting execution into injected code.
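The signatures above describe host behaviour rather than network indicators, so they are hunted in process and registry telemetry instead of proxy logs. The following is an added example, not part of the sandbox report, that maps EDR-style events to the report's signature names and scores a host on how many of them co-occur. The event shapes, the exact registry paths (the report only says "Uninstall key entries" and "country code") and the sample events are assumptions constructed for illustration.

```python
"""Map host telemetry to the behaviour signatures this report lists.

Added example, not part of the sandbox report. The event shapes, registry paths
and sample events below are assumptions constructed for illustration; the
signature names are the ones from the report.
"""
from collections import Counter
from typing import Optional

# Registry locations the report's signatures imply. Exact paths are an
# assumption: the report only says "Uninstall key entries" and "country code".
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
GEO_KEYS = (r"HKCU\Control Panel\International\Geo",)
# User-writable directories where a downloader typically stages dropped EXEs.
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\")
# Signed .NET compiler frequently used as an injection host ("VBS compiler").
HOLLOW_HOSTS = {"vbc.exe"}


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def _under(path: str, prefixes) -> bool:
    return path.upper().startswith(tuple(p.upper() for p in prefixes))


def classify(ev: dict) -> Optional[str]:
    """Return the report signature an event corresponds to, or None."""
    if ev.get("type") == "registry_read":
        key = ev.get("key", "")
        if _under(key, UNINSTALL_KEYS):
            return "Checks installed software on the system"
        if _under(key, GEO_KEYS):
            return "Checks computer location settings"
    elif ev.get("type") == "process_create":
        image = ev.get("image", "")
        parent = ev.get("parent_image", "")
        # vbc.exe spawned by anything other than the build toolchain is the
        # pattern behind "Uses the VBS compiler for execution".
        if _basename(image) in HOLLOW_HOSTS and _basename(parent) != "msbuild.exe":
            return "Uses the VBS compiler for execution"
        if any(d in image.lower() for d in DROP_DIRS):
            return "Executes dropped EXE"
    return None


def score(events) -> Counter:
    """Count how many events matched each signature."""
    return Counter(sig for sig in map(classify, events) if sig)


def verdict(events, threshold: int = 3) -> tuple:
    """(distinct signatures matched, suspicious?) for one host's event stream.
    A single signature is noisy on its own; several together are not."""
    sigs = sorted(score(events))
    return sigs, len(sigs) >= threshold


SAMPLE_EVENTS = [  # constructed
    {"type": "process_create", "parent_image": r"C:\Users\alice\Downloads\installer.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\setup.exe"},
    {"type": "registry_read",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "registry_read", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "process_create", "parent_image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"type": "registry_read", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    print(score(SAMPLE_EVENTS))
    print(verdict(SAMPLE_EVENTS))
```

Note that default Sysmon configuration logs registry value writes but not reads, so the two registry signatures need EDR telemetry that records queries; the process-creation rules work on Sysmon event ID 1 alone.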