General
Target: f17b8223fb1a52ce27906b8168d705e64fe561f1ea5fccb824d47c49fd78eb61
Size: 240KB
Sample: 230923-mflxgsgc39
MD5: dcd1bdfff6cd9da22dcef16369dc85dc
SHA1: c9904b5fd070e28e94be8800e2b6da38cd3c4891
SHA256: f17b8223fb1a52ce27906b8168d705e64fe561f1ea5fccb824d47c49fd78eb61
SHA512: e67b53b2a9ee4d30058cc2b8351f0839430578b1846f7100b04eb35c8d722fa2a906f62bb05750e7e180643773feec618591e0663b318c42bab72b9a468d3887
SSDEEP: 6144:ql5frpxdonyq4zaG2u5AO9eKkpmR7wq9quqp:qLrp0/9u5/e1Dq9quqp
Static task: static1
Malware Config
Extracted: smokeloader
  2022
  http://77.91.68.29/fks/
Extracted: fabookie
  http://app.nnnaajjjgc.com/check/safe
Extracted: smokeloader
  up3
Targets
Target: f17b8223fb1a52ce27906b8168d705e64fe561f1ea5fccb824d47c49fd78eb61
Size: 240KB
MD5: dcd1bdfff6cd9da22dcef16369dc85dc
SHA1: c9904b5fd070e28e94be8800e2b6da38cd3c4891
SHA256: f17b8223fb1a52ce27906b8168d705e64fe561f1ea5fccb824d47c49fd78eb61
SHA512: e67b53b2a9ee4d30058cc2b8351f0839430578b1846f7100b04eb35c8d722fa2a906f62bb05750e7e180643773feec618591e0663b318c42bab72b9a468d3887
SSDEEP: 6144:ql5frpxdonyq4zaG2u5AO9eKkpmR7wq9quqp:qLrp0/9u5/e1Dq9quqp
- Detect Fabookie payload
- Glupteba payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext