Extracted

Extracted

• • Target

    36d37ce2298d33d84e3d2290663ed3088519bdfa5b0a1f178dfd2a28daefb30b

  • Size

    239KB

  • MD5

    6f566b0fe1df959bc19f82cc4040e732

  • SHA1

    a9e1c97cae3b90b79d2ef6dae0aaac2baee7b8af

  • SHA256

    36d37ce2298d33d84e3d2290663ed3088519bdfa5b0a1f178dfd2a28daefb30b

  • SHA512

    d07294ff965cd90473acb22e0563d058278d20f279c26791e055014ac7a0ed77f4a4afb1c0b809898891be7862bc7853680895955e55150c98034a1178356ac3

  • SSDEEP

    6144:/Z46fuYXChoQTjlFgLuCY1dRuAOd1PTkkvIAjw8y0:/uYzXChdTbv1bupIkvIAjw8y

  Score

  10^/10

  gluptebaredlinesmokeloaderup3backdoorgooglediscoverydropperinfostealerloaderpersistencephishingspywaretrojan

  • Detected google phishing page

    phishinggoogle

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1