General
Target: d97870519284a5335be4837d68f3a7b482cb50b9d5a1d27893113075edfb862d
Size: 240KB
Sample: 230923-mh2qqaec8z
MD5: f007f6f6ec3993bb84411aae44a784bd
SHA1: 1f657babf39d7cae95dcaea9e23f418467cd5738
SHA256: d97870519284a5335be4837d68f3a7b482cb50b9d5a1d27893113075edfb862d
SHA512: c48b4ae06985cc0df4a779d394645b43208ffd973e71a52d75aa701469d37471aa22547b0123f22a5b12f72c41ed63df3631f9a6fa1657378496ed895fbfdda6
SSDEEP: 3072:I/3ODE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujDfVwzKabx4:I15frpxdonyq4zaG2u5AOneKa5Bbquqp
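The SSDEEP value above is a context-triggered piecewise hash: unlike the MD5/SHA hashes, it lets you score how close a repacked or lightly modified build is to this sample. The Python below is an added example, not part of the report or of the sandbox's tooling: a re-implementation of the published ssdeep comparison (block-size compatibility, weighted edit distance, scaled 0..100 score). It deviates in one place, using plain substring search for the 7-character common-run test where ssdeep uses a rolling hash, and the "variant" hash is constructed here by changing the last character of each chunk of the report's hash; it does not correspond to any real file.

```python
"""ssdeep (context-triggered piecewise hash) comparison, re-implemented from the
published algorithm.  Added example for the report above; not the sandbox's code.
Deviation: the 7-char common-substring test uses plain substring search instead of
ssdeep's rolling hash (same result unless the rolling hash collides)."""

SPAMSUM_LENGTH = 64   # maximum characters per hash chunk
ROLLING_WINDOW = 7    # chunks must share a 7-char run before they are scored at all
MIN_BLOCKSIZE = 3

# SSDEEP value copied from the report (General -> SSDEEP).
REPORT_SSDEEP = ("3072:I/3ODE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujDfVwzKabx4"
                 ":I15frpxdonyq4zaG2u5AOneKa5Bbquqp")
# Constructed "variant": the report hash with the last character of each chunk changed.
# Not a real sample; it only exercises the scoring path.
CONSTRUCTED_VARIANT = ("3072:I/3ODE5Mno95B0Z4tu6pxdJKnyqx/doHzaGLnaVRZiTyaUDeAg0FujDfVwzKabxX"
                       ":I15frpxdonyq4zaG2u5AOneKa5BbquqX")


def _squeeze(s):
    """ssdeep drops runs of one character longer than 3 ('LLLLL' -> 'LLL')."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def parse_ssdeep(sig):
    """'blocksize:chunk1:chunk2[,"filename"]' -> (blocksize, chunk1, chunk2)."""
    blocksize, c1, c2 = sig.split(",", 1)[0].split(":", 2)
    return int(blocksize), _squeeze(c1), _squeeze(c2)


def _has_common_substring(a, b):
    if len(a) < ROLLING_WINDOW or len(b) < ROLLING_WINDOW:
        return False
    windows = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in windows for i in range(len(b) - ROLLING_WINDOW + 1))


def _edit_distance(a, b):
    """Weighted Levenshtein as ssdeep uses it: insert 1, delete 1, substitute 2."""
    prev = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i]
        for j in range(1, len(b) + 1):
            sub = prev[j - 1] + (0 if a[i - 1] == b[j - 1] else 2)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, sub))
        prev = cur
    return prev[-1]


def _score_chunks(a, b, block_size):
    """Score two chunks taken at the same block size, 0..100 (ssdeep's score_strings)."""
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    score = (score * SPAMSUM_LENGTH) // (len(a) + len(b))   # integer math, as upstream
    score = (100 * score) // SPAMSUM_LENGTH
    if score >= 100:
        return 0
    score = 100 - score
    # Very small block sizes carry little information: cap the score for them.
    if block_size < (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))
    return score


def ssdeep_compare(sig1, sig2):
    """0..100 similarity.  0 also means 'not comparable': block sizes that differ by
    more than a factor of two were computed on incommensurable chunking."""
    bs1, a1, a2 = parse_ssdeep(sig1)
    bs2, b1, b2 = parse_ssdeep(sig2)
    if bs1 == bs2:
        if a1 == b1 and a2 == b2:
            return 100
        return max(_score_chunks(a1, b1, bs1), _score_chunks(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:          # sig1's fine chunk vs sig2's coarse chunk
        return _score_chunks(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return _score_chunks(a2, b1, bs2)
    return 0


if __name__ == "__main__":
    for name, cand in [("itself", REPORT_SSDEEP),
                       ("constructed variant", CONSTRUCTED_VARIANT),
                       ("unrelated", "3072:abcdefghijklmnopqrstuvwxyz0123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZ")]:
        print(f"{name:20s} -> {ssdeep_compare(REPORT_SSDEEP, cand)}")
```

In practice you would call the `ssdeep` CLI or its Python bindings; the point of spelling the algorithm out is to read the score correctly. A score is only meaningful between hashes whose block sizes are equal or one step apart (files of roughly the same size); 0 therefore means either "no shared content" or "not comparable", and a high score on a tiny block size is deliberately capped because such hashes carry little information.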
Static task: static1
Malware Config
Extracted: smokeloader (modular downloader/loader)
  Version: 2022
  C2: http://77.91.68.29/fks/
Extracted: fabookie (Facebook-account stealer)
  C2: http://app.nnnaajjjgc.com/check/safe
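The two extracted C2 URLs are the most directly actionable part of the report for a defender. The Python below is an added example, not sandbox output or tooling: it turns the URLs into host/path indicators and runs them over a proxy log. The log lines and their format (time, client, method, URL, status) are constructed here as assumptions; no traffic from the analysis is reproduced.

```python
"""Turn the C2 URLs from the report's Malware Config into network indicators and
run them over proxy log lines.  Added example; the log lines are constructed here,
and the log format (time, client, method, URL, status) is an assumption, not the
report's."""
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the report (Malware Config -> Extracted).
C2_URLS = {
    "smokeloader": ["http://77.91.68.29/fks/"],
    "fabookie": ["http://app.nnnaajjjgc.com/check/safe"],
}

# Constructed proxy log; no traffic from the report is reproduced here.
SAMPLE_LOG = """\
2023-09-23T10:14:02Z 10.0.4.17 POST http://77.91.68.29/fks/ 200
2023-09-23T10:14:05Z 10.0.4.17 GET http://77.91.68.29/fks/index.php 200
2023-09-23T10:14:09Z 10.0.4.17 GET http://app.nnnaajjjgc.com/check/safe 200
2023-09-23T10:15:31Z 10.0.4.22 GET http://example.org/fks/ 200
2023-09-23T10:16:00Z 10.0.4.22 GET http://APP.NNNAAJJJGC.COM:80/check/safe?x=1 200
2023-09-23T10:16:40Z 10.0.4.23 GET http://77.91.68.30/fks/ 404
"""


def build_indicators(c2_urls):
    """(family, host, path) triples.  urlsplit().hostname is lower-cased and
    port-stripped, so 'APP.NNNAAJJJGC.COM:80' still matches; the path is kept as a
    prefix so that other files under the same C2 directory (e.g. /fks/index.php)
    are also caught."""
    out = []
    for family, urls in c2_urls.items():
        for url in urls:
            p = urlsplit(url)
            out.append((family, p.hostname, p.path or "/"))
    return out


def match_url(url, indicators):
    """Return the family whose indicator matches this URL, or None."""
    p = urlsplit(url)
    host, path = p.hostname, p.path or "/"
    for family, ind_host, ind_path in indicators:
        if host == ind_host and path.startswith(ind_path):
            return family
    return None


def scan(log_text, indicators):
    """Return [(timestamp, client, family, url)] for every line hitting an indicator."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status = line.split()
        family = match_url(url, indicators)
        if family:
            hits.append((ts, client, family, url))
    return hits


def affected_clients(hits):
    """Client IPs that talked to any C2: the hosts to isolate and triage."""
    return {client for _, client, _, _ in hits}


if __name__ == "__main__":
    inds = build_indicators(C2_URLS)
    hits = scan(SAMPLE_LOG, inds)
    for hit in hits:
        print(*hit)
    print("isolate:", sorted(affected_clients(hits)))
```

Matching requires the host to be equal and the path to start with the indicator's path, which deliberately ignores the query string and the exact beacon file name but does not fire on the same path under an unrelated host (the example.org line) or on a neighbouring IP. A C2 reached by bare IP, as SmokeLoader is here, is the more brittle indicator; once it is rotated the host match goes stale and the path prefix remains only as a weaker, host-independent hunting pattern.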
Targets
Target: d97870519284a5335be4837d68f3a7b482cb50b9d5a1d27893113075edfb862d (240KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
Signatures
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload (XMRig is an open-source Monero miner routinely dropped for cryptojacking)
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence that conditions execution or payload delivery on the victim's locale.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution: the Visual Basic compiler is a signed Microsoft binary shipped with the .NET Framework; loaders commonly start it only to use it as a host process for injected code.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software present, typical stealer reconnaissance.
- Suspicious use of SetThreadContext: overwriting another thread's context is the step in process hollowing and thread hijacking that redirects execution into injected code. Read together with the compiler-as-host hit above, it is consistent with the stealer running inside a hollowed Microsoft process rather than from the dropped file itself, so host-based detection should key on the hosting process's behaviour and network activity, not only on the dropped file's hash.