General
Target: 43dd50f77ea7a8e2752f07246b12ca195ebdc8fa0e29bde31edd03ea2efed183
Size: 270KB
Sample: 230924-t7fywage4v
MD5: 363074612e21d382964714ed00a71d62
SHA1: 79ab28f513d80304350081a3c02ecdeb70804bfa
SHA256: 43dd50f77ea7a8e2752f07246b12ca195ebdc8fa0e29bde31edd03ea2efed183
SHA512: 5637aa287825e5eaee201fed44efaff10038dd41c7864a5a4876833319b06f98f979ffe6d0950c4ace8bec8978dae18b7770c67febb45a44eb2ad962e0c74696
SSDEEP: 6144:PRKhrJ+j+5j68KsT6h/OCy5U9uAOyA43Pf1SYqw6:PRUN+j+5+RsqGGu5431Sxw6
Static task: static1

Malware Config
Extracted: smokeloader
- 2022
- http://77.91.68.29/fks/
Extracted: smokeloader
- up3
Targets
Target: 43dd50f77ea7a8e2752f07246b12ca195ebdc8fa0e29bde31edd03ea2efed183
Size: 270KB
MD5: 363074612e21d382964714ed00a71d62
SHA1: 79ab28f513d80304350081a3c02ecdeb70804bfa
SHA256: 43dd50f77ea7a8e2752f07246b12ca195ebdc8fa0e29bde31edd03ea2efed183
SHA512: 5637aa287825e5eaee201fed44efaff10038dd41c7864a5a4876833319b06f98f979ffe6d0950c4ace8bec8978dae18b7770c67febb45a44eb2ad962e0c74696
SSDEEP: 6144:PRKhrJ+j+5j68KsT6h/OCy5U9uAOyA43Pf1SYqw6:PRUN+j+5+RsqGGu5431Sxw6
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext