General
- Target: 5356858cb44d41f678d43f4efed2589820aced5337fd424b70169469e5ef1aca
- Size: 239KB
- Sample: 230923-y35hwsca58
- MD5: 6847196f406ea4cf905b0dc20b2740b5
- SHA1: 2e6263d442ef5220a86e756a3b03dd90b18ff607
- SHA256: 5356858cb44d41f678d43f4efed2589820aced5337fd424b70169469e5ef1aca
- SHA512: 8f2b10e011b4b41ff3ac79c99206291117f50a4b62adb3590142aee6e9bacaa370395390edabf0a339b13269365d43c305924f4a77274225afdb49bd7ae7fbb8
- SSDEEP: 6144:Bu46fuYXChoQTjlFgLuCY1dRuAOTQZqw8y0:B7YzXChdTbv1buyEw8y
Static task
- static1

Malware Config
- Extracted: smokeloader
  - 2022
  - http://77.91.68.29/fks/
- Extracted: fabookie
  - http://app.nnnaajjjgc.com/check/safe
Targets
- Detect Fabookie payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext