General

Target: 8c45507a25278c0cca07dd4dc28159c86c4070eb4b742fce5fd959f7d8152da9
Size: 239KB
Sample: 230923-m62evsge27
MD5: 054b0a34aaf7b44fcf5939801edf6b41
SHA1: 6d619412ff71e75d3bc2459cdd4b77309003b2d7
SHA256: 8c45507a25278c0cca07dd4dc28159c86c4070eb4b742fce5fd959f7d8152da9
SHA512: 05c205765f5584bebb90f5f22a9b3b618b6dbfbe30c9a3b9dcac0a1da6d06d0e853bebf1a0d1102dabe2c9d7461450b0fa5ca056f36641bc7d4378a5781442e2
SSDEEP: 6144:p946fuYXChoQTjlFgLuCY1dRuAOPF1EPme8w8y0:pqYzXChdTbv1buNSKw8y
Static task: static1

Malware Config

Extracted: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/

Extracted: fabookie
C2: http://app.nnnaajjjgc.com/check/safe
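The two C2 URLs above are the most directly actionable part of the report. The following added example (not code from the sandbox or from either malware family) turns them into a tiered proxy-log check: an exact URL hit is high confidence, a hit on the same host with a different path is medium (SmokeLoader gates rotate paths more often than hosts), and a POST to a bare IPv4 host with no indicator match is a low-confidence hunting lead. The log format and every log line are constructed for the example; only the two URLs come from the report.

```python
"""Added example: match proxy log lines against the C2 URLs extracted from the sample."""
from ipaddress import ip_address
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's embedded configuration (from the report).
EXTRACTED_C2 = {
    "smokeloader": ["http://77.91.68.29/fks/"],
    "fabookie": ["http://app.nnnaajjjgc.com/check/safe"],
}

# Constructed proxy log, one "<client> <method> <url> <status>" record per line (assumed format).
SAMPLE_LOG = """\
10.0.0.15 POST http://77.91.68.29/fks/ 200
10.0.0.15 GET http://app.nnnaajjjgc.com/check/safe 200
10.0.0.22 GET http://77.91.68.29/other/ 404
10.0.0.22 GET https://www.example.com/index.html 200
10.0.0.31 POST http://203.0.113.9/gate.php 200
"""


def _is_ip_literal(host):
    """True when the host part of a URL is a raw IP address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def build_indicators(config):
    """Derive two lookup tables from the extracted config: exact URL -> family, host -> family."""
    urls, hosts = {}, {}
    for family, c2_list in config.items():
        for url in c2_list:
            urls[url] = family
            hosts[urlparse(url).hostname] = family
    return urls, hosts


def check_log(log_text, config=EXTRACTED_C2):
    """Return findings as (line_no, confidence, family_or_reason, url), one per matching line."""
    urls, hosts = build_indicators(config)
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3:
            continue
        method, url = parts[1], parts[2]
        host = urlparse(url).hostname or ""
        if url in urls:
            findings.append((n, "high", urls[url], url))
        elif host in hosts:
            # Same C2 host, different path: likely a rotated gate, still worth an alert.
            findings.append((n, "medium", hosts[host], url))
        elif _is_ip_literal(host) and method == "POST":
            # No indicator match, but SmokeLoader-style gates are POSTs to bare IP hosts.
            findings.append((n, "low", "POST to bare IPv4 host", url))
    return findings


if __name__ == "__main__":
    for finding in check_log(SAMPLE_LOG):
        print(finding)
```

The exact-URL tier is intentionally strict (no normalisation of case or trailing slash), so feed it URLs in the same form your proxy logs them, or add the normalisation you need before comparing.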
Targets

Target: 8c45507a25278c0cca07dd4dc28159c86c4070eb4b742fce5fd959f7d8152da9 (239KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

- Detect Fabookie payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing (refusing to run in, or restricting itself to, particular countries).
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Suspicious use of SetThreadContext
  SetThreadContext on a freshly created, suspended child process after writing to its memory is the hallmark of process hollowing.
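Three of the signatures above (the Uninstall-key enumeration, the country-code lookup and the SetThreadContext call) are behavioural: they fire on the order and arguments of API calls rather than on bytes in the file. The following added example (not the sandbox's own signature engine) shows how such rules can be expressed over an API trace. The trace format and every trace line are constructed; the Uninstall key path is the standard Windows location, while the Geo key path, the "Nation" value name and the host process path are assumptions for the example, not facts taken from the report.

```python
"""Added example: behavioural signatures evaluated over a constructed API trace."""
import re

# One "<pid> <api>(<args>)" call per line; the format is assumed for this example.
CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*$")

UNINSTALL_KEY = r"\CurrentVersion\Uninstall"       # standard key, also matches the WOW6432Node copy
GEO_KEY = r"Control Panel\International\Geo"       # assumed location of the user's country (GeoID)
# Hollowing chain: suspended child -> payload written -> thread context (entry point) redirected.
HOLLOW_STEPS = ["CreateProcessW", "WriteProcessMemory", "SetThreadContext"]

# Constructed trace; host.exe is a placeholder, not the sample's real injection target.
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW(HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall")
1234 RegEnumKeyExW(0x1c4, 0)
1234 RegOpenKeyExW(HKEY_CURRENT_USER, "Control Panel\International\Geo")
1234 RegQueryValueExW(0x1c8, "Nation")
1234 CreateProcessW("C:\constructed\host.exe", CREATE_SUSPENDED)
1234 NtUnmapViewOfSection(0x2a0, 0x400000)
1234 VirtualAllocEx(0x2a0, 0x400000, 0x3a000)
1234 WriteProcessMemory(0x2a0, 0x400000, 0x3a000)
1234 SetThreadContext(0x2a4)
1234 ResumeThread(0x2a4)
""".lstrip("\n")


def parse_trace(text):
    """Yield (line_no, pid, api, args) for every line that looks like a call."""
    calls = []
    for n, line in enumerate(text.splitlines(), 1):
        m = CALL_RE.match(line)
        if m:
            calls.append((n, m["pid"], m["api"], m["args"]))
    return calls


def run_signatures(trace_text):
    """Return {signature name: [line numbers where it fired]} using the report's signature names."""
    hits = {}

    def fire(name, n):
        hits.setdefault(name, []).append(n)

    geo_open = set()   # pids that opened the Geo key, so a later "Nation" read is attributable
    hollow = {}        # pid -> index of the next expected step in HOLLOW_STEPS
    for n, pid, api, args in parse_trace(trace_text):
        low = args.lower()
        if api.startswith("RegOpenKeyEx") and UNINSTALL_KEY.lower() in low:
            fire("Checks installed software on the system", n)
        if api.startswith("RegOpenKeyEx") and GEO_KEY.lower() in low:
            geo_open.add(pid)
        if api.startswith("RegQueryValueEx") and '"nation"' in low and pid in geo_open:
            fire("Checks computer location settings", n)
        # Stateful rule: only a SetThreadContext that follows a write into a process this pid
        # created suspended counts; a plain CreateProcess or a debugger's context edit does not.
        step = hollow.get(pid, 0)
        if step == 0 and api == HOLLOW_STEPS[0] and "CREATE_SUSPENDED" in args:
            hollow[pid] = 1
        elif step >= 1 and api == HOLLOW_STEPS[step]:
            hollow[pid] = step + 1
            if step + 1 == len(HOLLOW_STEPS):
                fire("Suspicious use of SetThreadContext", n)
                hollow[pid] = 0
    return hits


if __name__ == "__main__":
    for name, lines in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: lines {lines}")
```

Unrelated calls between the hollowing steps (NtUnmapViewOfSection, VirtualAllocEx) are deliberately ignored rather than resetting the chain, because injectors vary in which of them they use; what matters is the suspended creation, the write, and the context change, in that order.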