General
Target: 06e2941c767f00be17ecab67218768b9c077bbeee1e486ec34515b7122985398
Size: 239KB
Sample: 230923-ye9spsbh75
MD5: aa58e90744be736796f763c7ba4b54f4
SHA1: 7e2cf6a59a73e7243b9cd6d6470d92fa2146ed69
SHA256: 06e2941c767f00be17ecab67218768b9c077bbeee1e486ec34515b7122985398
SHA512: e709e466d6c2060e09782b719131a2d4104acf4116a146af7fa3a30808f657a45c4444298f5ea737f48990b54149b7c9f57093e865e34175e7c1bbbc234e6cc8
SSDEEP: 6144:0L46fuYXChoQTjlFgLuCY1dRuAOieRHGLGKw8y0:0UYzXChdTbv1bu9myKw8y
Static task
static1
Malware Config
Extracted
Family: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/
Extracted
Family: fabookie
C2: http://app.nnnaajjjgc.com/check/safe
Targets
Target: 06e2941c767f00be17ecab67218768b9c077bbeee1e486ec34515b7122985398
Size: 239KB (same sample as in General above; hashes identical)
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext
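The behavioural signatures above are each a simple rule over the process, file and registry events the sandbox recorded. The following is an added example (not the sandbox's own detection code) showing how a few of them can be expressed over a process-monitor style trace. The trace, its `pid|operation|target` layout, the process IDs and file names are all constructed for the example; the `HKCU\Control Panel\International` key for the location check and `vbc.exe` as the "VBS compiler" are assumptions, since the report does not name them. The Uninstall key path is the standard `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall`.

```python
"""Match sandbox-style behavioural signatures over an event trace.

Added example; not code from the sandbox or from the analysed sample.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Constructed trace modelled on a sandbox/process-monitor log.
# Layout (assumed): pid|operation|path_or_target
CONSTRUCTED_EVENTS = """\
1200|CreateProcess|C:\\Users\\user\\Desktop\\06e2941c.exe
1200|RegOpenKey|HKCU\\Control Panel\\International
1200|RegQueryValue|HKCU\\Control Panel\\International\\sCountry
1200|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1200|WriteFile|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe
1200|CreateProcess|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe
1200|WriteFile|C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
1348|LoadLibrary|C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
1348|CreateProcess|C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe
1348|SetThreadContext|pid:1400
"""

# Registry paths compared case-insensitively.
UNINSTALL_KEY = r"\currentversion\uninstall"          # standard Uninstall key
LOCATION_KEY = r"hkcu\control panel\international"     # assumed location key


@dataclass(frozen=True)
class Event:
    pid: int
    op: str
    target: str


def parse_events(log: str) -> list[Event]:
    """Parse the pipe-separated trace; blank and '#' lines are ignored."""
    events: list[Event] = []
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, op, target = line.split("|", 2)
        events.append(Event(int(pid), op, target))
    return events


def match_signatures(log: str) -> dict[str, list[str]]:
    """Return {signature name: [evidence lines]} for the signatures that fire."""
    hits: dict[str, list[str]] = {}

    def hit(name: str, ev: Event) -> None:
        hits.setdefault(name, []).append(f"{ev.pid} {ev.op} {ev.target}")

    dropped: set[str] = set()  # paths written during the run, lower-cased
    for ev in parse_events(log):
        t = ev.target.lower()
        if ev.op in ("RegOpenKey", "RegQueryValue", "RegEnumKey"):
            if t.startswith(LOCATION_KEY):
                hit("Checks computer location settings", ev)
            if UNINSTALL_KEY in t:
                hit("Checks installed software on the system", ev)
        elif ev.op == "WriteFile":
            dropped.add(t)
        elif ev.op == "CreateProcess":
            # A file the sample wrote itself and then launched.
            if t in dropped and t.endswith(".exe"):
                hit("Executes dropped EXE", ev)
            if ntpath.basename(t) == "vbc.exe":
                hit("Uses the VBS compiler for execution", ev)
        elif ev.op == "LoadLibrary":
            if t in dropped and t.endswith(".dll"):
                hit("Loads dropped DLL", ev)
        elif ev.op == "SetThreadContext":
            # Rewriting a thread context in another process is the
            # classic precursor to process hollowing / injection.
            if t.startswith("pid:") and int(t[4:]) != ev.pid:
                hit("Suspicious use of SetThreadContext", ev)
    return hits


if __name__ == "__main__":
    for name, evidence in match_signatures(CONSTRUCTED_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The rules are deliberately narrow: "dropped" means written by some process in the same trace, and the SetThreadContext rule only fires across process boundaries, so a sample that merely suspends and resumes its own threads does not trigger it. On a real trace the only change needed is the parser, since sandboxes differ in how they serialise events.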