General
- Target: 3a9de2062ed05cddc3db8b4258e285258d796950dee999a489c5ad1624ece1cc
- Size: 270KB
- Sample: 230924-rsc8bsfh6t
- MD5: aabcfd825f5489f9b26cf1f90a552625
- SHA1: fdcba229b9ab1cf3f6f1109ba5aabe86703e8ed2
- SHA256: 3a9de2062ed05cddc3db8b4258e285258d796950dee999a489c5ad1624ece1cc
- SHA512: 2fee709d63466ea1e9b2faa5caca34523af366189e0d65709f195d4cf5821a05935bbfb8e61e152965799ad1002a4cd3a4f682b75190386e626c407d9f08ef5f
- SSDEEP: 6144:dRuhrJ+j+5j68KsT6h/OCy5U9uAOAA/lUBqw6:dR4N+j+5+RsqGGun6Yw6
Static task
- static1

Malware Config
- Extracted: smokeloader, 2022, http://77.91.68.29/fks/
- Extracted: smokeloader, up3
Targets
- Glupteba payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext