General
- Target: 8060c260d9723a7af20aa29c259cf43e9e2a1fad153614f4f5af18c18e30ac9a
- Size: 270KB
- Sample: 230924-wgwyhsgf9y
- MD5: c622bee64a2dd8af317612f11e8fe626
- SHA1: a5f5de1ee48d243032e7f2af5eae82b527bf93e4
- SHA256: 8060c260d9723a7af20aa29c259cf43e9e2a1fad153614f4f5af18c18e30ac9a
- SHA512: ce1c16a55daa4af487d4cb2b240c33870d8e56f4abcc2a0ac4e6df573dbc4d3d21066e8a4f4a3627790d3fb1117dc5bf72c665b7b285423ca10c8040fd3043f7
- SSDEEP: 6144:lR9hrJ+j+5j68KsT6h/OCy5U9uAOoA/kNviSqw6:lRTN+j+5+RsqGGu//kMfw6
- Static task: static1
Malware Config
- Extracted: smokeloader; 2022; http://77.91.68.29/fks/
- Extracted: smokeloader; up3
- Extracted: smokeloader; 2020; http://host-file-host6.com/, http://host-host-file8.com/
Targets
- Target: 8060c260d9723a7af20aa29c259cf43e9e2a1fad153614f4f5af18c18e30ac9a
- Glupteba payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext