General
-
Target
940868416aaf8f58b2284206044f3e6a208fbc5a0873361c02177f277e371c16
-
Size
239KB
-
Sample
230923-mz1vraee31
-
MD5
b2c175e95cbbac48bd2398231910092d
-
SHA1
f59c4701a73a542919f45020a2a237157caa167d
-
SHA256
940868416aaf8f58b2284206044f3e6a208fbc5a0873361c02177f277e371c16
-
SHA512
6b063b8cffd48495bb4bbb6eee29992074b2b789bdaa499c27de013a2c8327ea52625c9d441158a992b31dad5dede93e7f1cbd262718ca50c0e420e42e25c704
-
SSDEEP
6144:lJ46fuYXChoQTjlFgLuCY1dRuAO71TRE0/w8y0:l+YzXChdTbv1buXVDw8y
Static task
static1
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
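The two extracted C2 URLs above are the most directly actionable output of this report. The following is an added example (not part of the sandbox output) showing how to turn them into network indicators and sweep a proxy log for hosts that talked to either family. It distinguishes an exact URL hit from a host-only hit, since a bare IP such as 77.91.68.29 can be reused for unrelated content. The log lines and log format are constructed for the example; indicator values are copied from the report.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators copied from the "Malware Config / Extracted" section of the report.
C2_URLS = {
    "smokeloader": ["http://77.91.68.29/fks/"],
    "fabookie": ["http://app.nnnaajjjgc.com/check/safe"],
}


def build_indicators(c2_urls=C2_URLS):
    """Break each C2 URL into the pieces a proxy or DNS log can be matched on."""
    indicators = []
    for family, urls in c2_urls.items():
        for url in urls:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            try:
                ipaddress.ip_address(host)
                is_ip = True  # IP-based C2: expect more incidental host-only hits
            except ValueError:
                is_ip = False
            indicators.append({
                "family": family,
                "url": url,
                "host": host,
                "path": parts.path,
                "is_ip": is_ip,
            })
    return indicators


# Constructed proxy log, one request per line: "<epoch> <client> <method> <url> <status>".
# These lines are invented for the example and were not observed in the sandbox run.
PROXY_LOG = """\
1695456001.123 10.0.0.15 POST http://77.91.68.29/fks/ 200
1695456002.456 10.0.0.15 GET http://app.nnnaajjjgc.com/check/safe 200
1695456003.789 10.0.0.22 GET http://www.example.com/index.html 200
1695456004.000 10.0.0.15 GET http://77.91.68.29/other 404
1695456005.000 10.0.0.31 GET http://APP.NNNAAJJJGC.COM/check/safe 200
"""


def scan_proxy_log(log_text, indicators=None):
    """Return one hit per matching request.

    'kind' is 'url' when scheme host and path match the extracted C2 URL exactly,
    'host' when only the host matches (weaker evidence, especially for raw IPs).
    """
    indicators = indicators or build_indicators()
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than crash the sweep
        _ts, client, _method, url, _status = fields
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()  # hostname comparison is case-insensitive
        for ind in indicators:
            if host != ind["host"]:
                continue
            kind = "url" if parts.path == ind["path"] else "host"
            hits.append({"client": client, "family": ind["family"], "url": url, "kind": kind})
    return hits


def infected_clients(hits):
    """Clients with at least one exact-URL hit, mapped to the families they contacted."""
    out = {}
    for h in hits:
        if h["kind"] == "url":
            out.setdefault(h["client"], set()).add(h["family"])
    return out


if __name__ == "__main__":
    for h in scan_proxy_log(PROXY_LOG):
        print(h)
    print(infected_clients(scan_proxy_log(PROXY_LOG)))
```

Host-only hits are kept in the output but excluded from the infected-client verdict, so a scan of a busy proxy surfaces the exact C2 check-ins first while still leaving the weaker evidence available for triage.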
Targets
-
Target
940868416aaf8f58b2284206044f3e6a208fbc5a0873361c02177f277e371c16
(size and hashes identical to the General section above)
-
Detect Fabookie payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
Sets the execution context of a thread in another process, a step commonly seen in process hollowing and similar injection techniques.
-
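Two of the behaviours above, the registry lookup of the configured country code and the enumeration of Uninstall keys, are visible in a Process Monitor trace of the sample. The following is an added example (not from the sandbox) of detection logic that reads a Process Monitor CSV export, tags processes that read location settings or enumerate installed software, and suppresses processes that legitimately walk the Uninstall hive. The registry paths, the allowlist and the trace lines are assumptions made for the example; the CSV content is constructed, not captured from this run.

```python
import csv
import io
from collections import defaultdict

# Assumed registry locations a geofence check reads (country / language settings).
GEO_KEYS = (
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Locale",
    r"HKCU\Control Panel\International",
)
# Assumed Uninstall hives that an installed-software enumeration walks.
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)
# Assumed allowlist: processes expected to enumerate installed software.
UNINSTALL_ALLOWLIST = {"msiexec.exe", "explorer.exe", "svchost.exe"}

# Constructed Process Monitor CSV export (columns as Procmon writes them). Not captured
# from the sandbox run; "sample.exe" stands in for the analysed file.
PROCMON_CSV = r"""Time of Day,Process Name,PID,Operation,Path,Result
10:01:02.100,sample.exe,4120,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language,SUCCESS
10:01:02.101,sample.exe,4120,RegQueryValue,HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage,SUCCESS
10:01:02.104,sample.exe,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
10:01:03.200,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:01:03.201,sample.exe,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:01:03.202,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EXAMPLE-GUID}\DisplayName,SUCCESS
10:01:05.000,explorer.exe,1532,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS
10:01:06.000,msiexec.exe,2210,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
"""


def _under(path, prefixes):
    """True if path is one of the prefixes or lies beneath one (case-insensitive)."""
    p = path.lower()
    return any(p == k.lower() or p.startswith(k.lower() + "\\") for k in prefixes)


def analyze(csv_text, uninstall_threshold=2):
    """Tag each PID with the behaviours its registry operations show.

    Returns {pid: {"process": name, "tags": [...], "evidence": [paths]}} for tagged PIDs only.
    """
    per_pid = defaultdict(lambda: {"process": None, "geofence": [], "software_enum": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["Operation"].startswith("Reg"):
            continue  # only registry operations matter here
        rec = per_pid[int(row["PID"])]
        rec["process"] = row["Process Name"]
        if _under(row["Path"], GEO_KEYS):
            rec["geofence"].append(row["Path"])
        elif _under(row["Path"], UNINSTALL_KEYS):
            rec["software_enum"].append(row["Path"])

    findings = {}
    for pid, rec in per_pid.items():
        tags = []
        if rec["geofence"]:
            tags.append("checks_location_settings")
        # A single Uninstall touch is common; require repeated access and a non-allowlisted image.
        if (len(rec["software_enum"]) >= uninstall_threshold
                and rec["process"].lower() not in UNINSTALL_ALLOWLIST):
            tags.append("enumerates_installed_software")
        if tags:
            findings[pid] = {
                "process": rec["process"],
                "tags": tags,
                "evidence": rec["geofence"] + rec["software_enum"],
            }
    return findings


if __name__ == "__main__":
    for pid, f in analyze(PROCMON_CSV).items():
        print(pid, f["process"], f["tags"])
```

The threshold and allowlist are where the tuning lives: installers and the Programs and Features UI read the same Uninstall keys, so the rule requires repeated access from an image that has no business doing so, while a single read of the Nls or International keys is treated as a signal on its own because benign software rarely needs the configured country at startup.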