General
- Target: 93d9fe3ff8ffbf18ffe1de110e21b3917396a5e65c755db2511c052fc5162975
- Size: 240KB
- Sample: 230923-mxdx7sgd33
- MD5: e59ef1fadab4e89a0298111a52c92b97
- SHA1: 36affbbce3f27ea65467924165f44bd4353abd07
- SHA256: 93d9fe3ff8ffbf18ffe1de110e21b3917396a5e65c755db2511c052fc5162975
- SHA512: ea2089a05cf2e9056b2074d9dc78ec070425c5be7d45d6e486242b00a45a847954aa65dc513e80ed8d3d01ea03ac27d8bc2392a52621da4b1028d4cf4c073262
- SSDEEP: 6144:Md5frpxdonyq4zaG2u5AOzeKvFswSPlfLquqp:Mjrp0/9u55egsdTquqp
Static task
- static1

Malware Config
Extracted
- smokeloader
- 2022
- http://77.91.68.29/fks/
Extracted
- fabookie
- http://app.nnnaajjjgc.com/check/safe
Targets
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext