General
Target: f06368fda458ffeb9ff88fa428ef5d92ea039a1960f18cdda0c5f373c2b69699
Size: 270KB
Sample: 230924-qgqhvafb6y
MD5: 56a372c17cc8836aa17947c83ef933b1
SHA1: 272f295505fc954d724c6125169f4cb56e30ad2f
SHA256: f06368fda458ffeb9ff88fa428ef5d92ea039a1960f18cdda0c5f373c2b69699
SHA512: daf092de97448a2bfbb483598cd4347d590a1ae72b7584c564505b8d4ca574a790871cc389eff034cee88a89e878c44901523f8552fdb12b5afb634b934c04a2
SSDEEP: 6144:ERxhrJ+j+5j68KsT6h/OCy5U9uAOXAAd1lDqw6:ERnN+j+5+RsqGGuuA5+w6
Malware Config
Extracted: smokeloader, version 2022, C2 http://77.91.68.29/fks/
Extracted: smokeloader, version up3
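The hashes and the extracted SmokeLoader config above are only useful once they are checked and turned into something a blocklist or hunt query can consume. The following is an added example, not the sandbox's own tooling: it parses the flat text export of a report like this one (field name on one line, value on the next, bare '-' separators, as the raw export lays it out, plus a tidier 'Field: value' layout), sanity-checks hash lengths, the SSDEEP shape and the C2 URL, and flattens everything into indicator rows. The sample text is constructed from this report's values; treating the config's bare lines as a version string and a C2 URL is an assumption about the export format.

```python
"""Turn a flat sandbox-report text export into checked, hunt-ready IOCs.
Added example, not the sandbox's own tooling. Handles the raw export layout
(field name on one line, value on the next, bare '-' separators) and a tidier
'Field: value' layout. SAMPLE_FLAT is constructed from the report's values."""
import re
from urllib.parse import urlsplit

FIELDS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
SECTIONS = {"General", "Malware Config", "Targets"}
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"[0-9a-f]+")
# ssdeep is blocksize:chunk:double_chunk, and blocksize is always 3 * 2^n
SSDEEP = re.compile(r"(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)")

SAMPLE_FLAT = """General
-
Target
f06368fda458ffeb9ff88fa428ef5d92ea039a1960f18cdda0c5f373c2b69699
MD5
56a372c17cc8836aa17947c83ef933b1
SHA256
f06368fda458ffeb9ff88fa428ef5d92ea039a1960f18cdda0c5f373c2b69699
SHA512
daf092de97448a2bfbb483598cd4347d590a1ae72b7584c564505b8d4ca574a790871cc389eff034cee88a89e878c44901523f8552fdb12b5afb634b934c04a2
SSDEEP
6144:ERxhrJ+j+5j68KsT6h/OCy5U9uAOXAAd1lDqw6:ERnN+j+5+RsqGGuuA5+w6
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
smokeloader
up3
Targets
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext
"""

def parse_report(text):
    """Return {'fields', 'configs', 'signatures'} from either layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() not in ("", "-")]
    out, section, i = {"fields": {}, "configs": [], "signatures": []}, None, 0
    while i < len(lines):
        line = lines[i]
        key, sep, val = line.partition(": ")
        if line in SECTIONS:
            section = line
        elif line == "Extracted" and i + 1 < len(lines):  # raw layout: family, then version / C2 lines
            cfg = {"family": lines[i + 1], "version": None, "c2": []}
            i += 2
            while i < len(lines) and lines[i] not in FIELDS | SECTIONS | {"Extracted"}:
                cfg["c2"].append(lines[i]) if "://" in lines[i] else cfg.update(version=lines[i])
                i += 1
            out["configs"].append(cfg)
            continue
        elif sep and key == "Extracted":  # tidy layout: "family, version X, C2 url"
            parts = val.split(", ")
            cfg = {"family": parts[0], "version": None, "c2": []}
            for kind, _, value in (p.partition(" ") for p in parts[1:]):
                cfg["c2"].append(value) if kind == "C2" else cfg.update(version=value)
            out["configs"].append(cfg)
        elif sep and key in FIELDS:
            out["fields"].setdefault(key, val)
        elif line in FIELDS and i + 1 < len(lines):
            out["fields"].setdefault(line, lines[i + 1])
            i += 1
        elif section == "Targets" and not line.endswith("."):  # signature names, not descriptions
            out["signatures"].append(line)
        i += 1
    return out

def validate(report):
    """Sanity checks before the values go into a blocklist or hunt query."""
    f, problems = report["fields"], []
    for name, v in f.items():
        if name in HASH_LEN and (len(v) != HASH_LEN[name] or not HEX.fullmatch(v)):
            problems.append(f"{name} malformed")
    if f.get("Target") != f.get("SHA256"):
        problems.append("Target does not match SHA256")
    m = SSDEEP.fullmatch(f.get("SSDEEP", ""))
    bs = int(m.group(1)) if m else 0
    if not m or bs % 3 or (bs // 3) & (bs // 3 - 1):
        problems.append("SSDEEP malformed")
    for url in [u for c in report["configs"] for u in c["c2"]]:
        if urlsplit(url).scheme not in ("http", "https") or not urlsplit(url).hostname:
            problems.append(f"C2 is not a usable URL: {url}")
    return problems

def indicators(report):
    """Flatten to (type, value, context) rows for a blocklist or hunt query."""
    rows = [(n.lower(), v, "sample") for n, v in report["fields"].items() if n in HASH_LEN]
    for cfg in report["configs"]:
        tag = f"{cfg['family']}/{cfg['version'] or 'unknown'}"
        for url in cfg["c2"]:
            host = urlsplit(url).hostname
            rows.append(("url", url, tag))
            rows.append(("ip" if re.fullmatch(r"[\d.]+", host) else "domain", host, tag))
    return rows
```

Run `validate(parse_report(text))` first and refuse to load anything that comes back with problems; a truncated hash or a C2 line that is not a URL is the usual way a copy-pasted report poisons a blocklist. `indicators` emits the C2 host separately from the URL so the IP can go to network controls even if the path changes.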
Targets
Target: f06368fda458ffeb9ff88fa428ef5d92ea039a1960f18cdda0c5f373c2b69699
Signatures
- Glupteba payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
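The signatures above are the sandbox's verdicts; to reproduce five of them on your own telemetry you need stateful rules rather than single-event matches. The following is an added example, not the sandbox's own signature code, and it runs over a constructed event stream rather than a real trace of this sample. It assumes the geofence lookup reads the per-user country code under Control Panel\International\Geo, that installed-software enumeration shows up as repeated reads under CurrentVersion\Uninstall, and that vbc.exe (the Visual Basic compiler the "VBS compiler" signature refers to) is normally launched only by build tooling, so an odd parent is the usual companion of the SetThreadContext signature (process hollowing). Those paths, the parent list and the threshold are the example's assumptions, not values taken from the report.

```python
"""Rule logic for five of the behaviours the report lists, run over a constructed
event stream. Added example, not the sandbox's own signatures. The registry paths
and the vbc.exe parent list are assumptions about where such a sample would look
and who normally launches the compiler, not values taken from the report."""
from collections import defaultdict

# Assumed registry locations: per-user country/region, and the installed-software list
GEO_KEY = "\\control panel\\international\\geo"
UNINSTALL_KEY = "\\currentversion\\uninstall\\"
# Processes that legitimately spawn vbc.exe (the Visual Basic compiler); assumed list
VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}
UNINSTALL_THRESHOLD = 3  # one lookup is routine; walking several subkeys is enumeration


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Single stateful pass; returns one hit dict per rule firing."""
    hits, written = [], {}  # written: lower-cased path -> pid that wrote it
    geo_seen, enum_seen, uninstall_reads = set(), set(), defaultdict(int)
    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        if kind == "file_write":
            written[ev["path"].lower()] = pid
        elif kind == "process_create":
            image = ev["image"].lower()
            if image in written:  # "Executes dropped EXE": image was written earlier in the trace
                hits.append({"rule": "executes dropped exe", "pid": pid,
                             "detail": f"{image} written by pid {written[image]}"})
            if basename(image) == "vbc.exe" and basename(ev["parent_image"]) not in VBC_PARENTS:
                hits.append({"rule": "vbc.exe with unusual parent", "pid": pid,
                             "detail": f"parent {ev['parent_image']}"})  # hollowing candidate
        elif kind == "image_load":
            path = ev["path"].lower()
            if path in written and path.endswith(".dll"):  # "Loads dropped DLL"
                hits.append({"rule": "loads dropped dll", "pid": pid, "detail": path})
        elif kind == "registry_read":
            key = ev["key"].lower()
            if GEO_KEY in key and pid not in geo_seen:  # "Checks computer location settings"
                geo_seen.add(pid)
                hits.append({"rule": "location/geofence lookup", "pid": pid, "detail": ev["key"]})
            if UNINSTALL_KEY in key:  # "Checks installed software on the system"
                uninstall_reads[pid] += 1
                if uninstall_reads[pid] == UNINSTALL_THRESHOLD and pid not in enum_seen:
                    enum_seen.add(pid)
                    hits.append({"rule": "installed-software enumeration", "pid": pid,
                                 "detail": f"{UNINSTALL_THRESHOLD}+ Uninstall subkeys read"})
    return hits


# Constructed telemetry (not a real trace of this sample)
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "image": "C:\\Users\\u\\Downloads\\sample.exe",
     "parent_image": "C:\\Windows\\explorer.exe"},
    {"type": "registry_read", "pid": 100, "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "registry_read", "pid": 100, "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App1"},
    {"type": "registry_read", "pid": 100, "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App2"},
    {"type": "registry_read", "pid": 100, "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App3"},
    {"type": "file_write", "pid": 100, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"},
    {"type": "file_write", "pid": 100, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"},
    {"type": "process_create", "pid": 200, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe",
     "parent_image": "C:\\Users\\u\\Downloads\\sample.exe"},
    {"type": "image_load", "pid": 200, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"},
    {"type": "process_create", "pid": 300, "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
     "parent_image": "C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"},
    # benign noise: a build spawning vbc.exe, and a single Uninstall lookup
    {"type": "process_create", "pid": 400, "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
     "parent_image": "C:\\Program Files\\MSBuild\\msbuild.exe"},
    {"type": "registry_read", "pid": 400, "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App1"},
]


def sample_hits():
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for h in sample_hits():
        print(h["rule"], h["pid"], h["detail"])
```

The "dropped" rules only fire when the executed or loaded path was seen being written earlier in the same stream, which is what separates a second-stage payload from an ordinary program start; the Uninstall threshold and the per-pid "seen" sets keep a single routine lookup from paging anyone. Real telemetry (Sysmon does not record registry reads, so this needs a Procmon-style or EDR source for the two registry rules) needs the same event shape mapped into these four types.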