General
- Target: c69d4e2ebc8e63ab70c8e1034b5a8da0ba49febe4c5db38c38bb35354344f831
- Size: 240KB
- Sample: 230923-mb5tssec71
- MD5: 5fdeef7f047f2458121c63cf3eccb0a1
- SHA1: 4df6ad83070b0005caba93916ede933b90c4f908
- SHA256: c69d4e2ebc8e63ab70c8e1034b5a8da0ba49febe4c5db38c38bb35354344f831
- SHA512: 7ec246f51150543836238df6bd6f1287a434fafb7816ea419109dcc4b6bfdac46c15ee0e7ebc342dd8113bfe13aea27bcab861367d7d298fc5f11cc710535b07
- SSDEEP: 3072:YnlaE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujDTVwzKDeQu9:YL5frpxdonyq4zaG2u5AO7eKW3Oquqp
Static task: static1
Behavioral task: behavioral1
- Sample: c69d4e2ebc8e63ab70c8e1034b5a8da0ba49febe4c5db38c38bb35354344f831.exe
- Resource: win10v2004-20230915-en
Malware Config
- Extracted: smokeloader
  2022
  http://77.91.68.29/fks/
- Extracted: smokeloader
  up3
- Extracted: fabookie
  http://app.nnnaajjjgc.com/check/safe
Targets
- Target: c69d4e2ebc8e63ab70c8e1034b5a8da0ba49febe4c5db38c38bb35354344f831
  - Size: 240KB
  - MD5: 5fdeef7f047f2458121c63cf3eccb0a1
  - SHA1: 4df6ad83070b0005caba93916ede933b90c4f908
  - SHA256: c69d4e2ebc8e63ab70c8e1034b5a8da0ba49febe4c5db38c38bb35354344f831
  - SHA512: 7ec246f51150543836238df6bd6f1287a434fafb7816ea419109dcc4b6bfdac46c15ee0e7ebc342dd8113bfe13aea27bcab861367d7d298fc5f11cc710535b07
  - SSDEEP: 3072:YnlaE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujDTVwzKDeQu9:YL5frpxdonyq4zaG2u5AO7eKW3Oquqp
- Detect Fabookie payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext