General
-
Target
36d37ce2298d33d84e3d2290663ed3088519bdfa5b0a1f178dfd2a28daefb30b
-
Size
239KB
-
Sample
230923-rv8f9aab92
-
MD5
6f566b0fe1df959bc19f82cc4040e732
-
SHA1
a9e1c97cae3b90b79d2ef6dae0aaac2baee7b8af
-
SHA256
36d37ce2298d33d84e3d2290663ed3088519bdfa5b0a1f178dfd2a28daefb30b
-
SHA512
d07294ff965cd90473acb22e0563d058278d20f279c26791e055014ac7a0ed77f4a4afb1c0b809898891be7862bc7853680895955e55150c98034a1178356ac3
-
SSDEEP
6144:/Z46fuYXChoQTjlFgLuCY1dRuAOd1PTkkvIAjw8y0:/uYzXChdTbv1bupIkvIAjw8y
Static task
static1
Behavioral task
behavioral1
Sample
36d37ce2298d33d84e3d2290663ed3088519bdfa5b0a1f178dfd2a28daefb30b.exe
Resource
win10-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
smokeloader
up3
Targets
-
-
Target
36d37ce2298d33d84e3d2290663ed3088519bdfa5b0a1f178dfd2a28daefb30b
-
Size
239KB
-
MD5
6f566b0fe1df959bc19f82cc4040e732
-
SHA1
a9e1c97cae3b90b79d2ef6dae0aaac2baee7b8af
-
SHA256
36d37ce2298d33d84e3d2290663ed3088519bdfa5b0a1f178dfd2a28daefb30b
-
SHA512
d07294ff965cd90473acb22e0563d058278d20f279c26791e055014ac7a0ed77f4a4afb1c0b809898891be7862bc7853680895955e55150c98034a1178356ac3
-
SSDEEP
6144:/Z46fuYXChoQTjlFgLuCY1dRuAOd1PTkkvIAjw8y0:/uYzXChdTbv1bupIkvIAjw8y
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-