General
- Target: 9fc003bc2e8643ca6dd568daef3682f0aa169a446802f90c9e9dc5f36ed4593c
- Size: 270KB
- Sample: 230924-t4ftpsaa72
- MD5: 5541bda9a6d1959aaa2c81fe0f5fe2c2
- SHA1: 56ebd5eca9efd029dba3de411e76577e37bd3018
- SHA256: 9fc003bc2e8643ca6dd568daef3682f0aa169a446802f90c9e9dc5f36ed4593c
- SHA512: 6e0a3ebc6b5be960f6b0a95bdd500dd0600220967f3efe5601d2a3df3a6ec90853bb75961f61255d0f8145cfe2ddd029d3d10936a09cde15604b73be2e71096f
- SSDEEP: 6144:zRthrJ+j+5j68KsT6h/OCy5U9uAOOAHDUPouYXTIPqw6:zRDN+j+5+RsqGGuhjYo3T3w6
Static task
- static1

Malware Config
- Extracted: smokeloader / 2022 / http://77.91.68.29/fks/
- Extracted: smokeloader / up3
Targets
- Target: 9fc003bc2e8643ca6dd568daef3682f0aa169a446802f90c9e9dc5f36ed4593c (size and hashes as listed under General above)
- Glupteba payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext