General
- Target: 7996b797890071dca6217cd3794627ab0598adc58829ca38205ab2ed5af7772f
- Size: 270KB
- Sample: 230924-rv6mnahe42
- MD5: f9ff782999cf859f169d7100fdcfd56d
- SHA1: 6dc80e52df96d70d733034366de3292a646b5d03
- SHA256: 7996b797890071dca6217cd3794627ab0598adc58829ca38205ab2ed5af7772f
- SHA512: 7cb0a84525343d3a7e4dd13a8ff449f9af6f0d2a1a7fe6b271210a6865d963165e47b0d5f65fc81d1129079c109a287ed5ed782a8b2787468f67f826171c51a8
- SSDEEP: 6144:IR3hrJ+j+5j68KsT6h/OCy5U9uAOHA+Kwdj/xqw6:IRxN+j+5+RsqGGu++Kwdjww6
Static task: static1
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
smokeloader
up3
Targets
- Target: 7996b797890071dca6217cd3794627ab0598adc58829ca38205ab2ed5af7772f
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext