General
-
Target
52a5d233c2cc11560d75c11bc492da3c.exe
-
Size
239KB
-
Sample
230924-psw94agd22
-
MD5
52a5d233c2cc11560d75c11bc492da3c
-
SHA1
d9c294a1244e864d2582cf7f73a9ca307cd68a64
-
SHA256
18e050a1ac1232f444a6eaff3efba0b54420774a506d802826bd7b7740c07077
-
SHA512
873c2e0b6f387e2fe234fba8334a2df95ff050f3ca38750b59c0b2c9257eee6dc2844adf661ba3644e84a07ad172aa74f39d600430c22a36a49f9ff70bdb2af0
-
SSDEEP
6144:VR46fuYXChoQTjlFgLuCY1dRuAOjkuw8y0:VGYzXChdTbv1bupw8y
Static task
static1
Behavioral task
behavioral1
Sample
52a5d233c2cc11560d75c11bc492da3c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
52a5d233c2cc11560d75c11bc492da3c.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
52a5d233c2cc11560d75c11bc492da3c.exe
-
Size
239KB
-
MD5
52a5d233c2cc11560d75c11bc492da3c
-
SHA1
d9c294a1244e864d2582cf7f73a9ca307cd68a64
-
SHA256
18e050a1ac1232f444a6eaff3efba0b54420774a506d802826bd7b7740c07077
-
SHA512
873c2e0b6f387e2fe234fba8334a2df95ff050f3ca38750b59c0b2c9257eee6dc2844adf661ba3644e84a07ad172aa74f39d600430c22a36a49f9ff70bdb2af0
-
SSDEEP
6144:VR46fuYXChoQTjlFgLuCY1dRuAOjkuw8y0:VGYzXChdTbv1bupw8y
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-