General
Target: 2e6c10d75191ff66b3c05f17e1f247766a5f20adbf28b4f40b3318a67fc50d0d
Size: 239KB
Sample: 230923-ytal6aca38
MD5: 43cc39518c04460b80bfa75450cc65a3
SHA1: b651efcb5e9609906bc53ffa49c939dc32c261bd
SHA256: 2e6c10d75191ff66b3c05f17e1f247766a5f20adbf28b4f40b3318a67fc50d0d
SHA512: a0fdbd7ad42a78fcc7d551e96b096213d8d9a22c45cc0c954a98ea336488287dd8843c6c5d454a53a23f4f03f96bf22da6736f974f31003d722dd7ff01a3c8a2
SSDEEP: 6144:ZV46fuYXChoQTjlFgLuCY1dRuAODd0UWew8y0:ZiYzXChdTbv1buTZLw8y
Static task: static1

Malware Config
Extracted (smokeloader)
  Version: 2022
  C2: http://77.91.68.29/fks/
Extracted (fabookie)
  C2: http://app.nnnaajjjgc.com/check/safe
Targets
Target: 2e6c10d75191ff66b3c05f17e1f247766a5f20adbf28b4f40b3318a67fc50d0d
Size: 239KB
MD5: 43cc39518c04460b80bfa75450cc65a3
SHA1: b651efcb5e9609906bc53ffa49c939dc32c261bd
SHA256: 2e6c10d75191ff66b3c05f17e1f247766a5f20adbf28b4f40b3318a67fc50d0d
SHA512: a0fdbd7ad42a78fcc7d551e96b096213d8d9a22c45cc0c954a98ea336488287dd8843c6c5d454a53a23f4f03f96bf22da6736f974f31003d722dd7ff01a3c8a2
SSDEEP: 6144:ZV46fuYXChoQTjlFgLuCY1dRuAODd0UWew8y0:ZiYzXChdTbv1buTZLw8y
Signatures
- Detect Fabookie payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext