General
- Target: 693cef4031961e3a3334d6b3602addf934fdc24bba47490f0b9d05cc77c03318
- Size: 270KB
- Sample: 230924-rbfbcshc46
- MD5: 7b2859985d51ac87adb699f1e5b31dba
- SHA1: 8159ed415678abcf9080cb14d7d6590bd6053503
- SHA256: 693cef4031961e3a3334d6b3602addf934fdc24bba47490f0b9d05cc77c03318
- SHA512: 52f35df133b0c34eb51e0331047037ee7f64053a8230e4aa11db74c5ba97c75b556345bc14d5d3606decc91fac958340287a00d466bffde7dd320ae0fa58b503
- SSDEEP: 6144:TR+hrJ+j+5j68KsT6h/OCy5U9uAO2Ap9qqw6:TRIN+j+5+RsqGGu5jnw6
Static task: static1
Malware Config
- Extracted: smokeloader, 2022
  http://77.91.68.29/fks/
- Extracted: smokeloader, up3
- Extracted: smokeloader, 2020
  http://host-file-host6.com/
  http://host-host-file8.com/
Targets
- Target: 693cef4031961e3a3334d6b3602addf934fdc24bba47490f0b9d05cc77c03318
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext