General
-
Target
41b87ee8d924234ce4626e5411ed60dd4739bb30320c1d7e75f142ab2ce171d6
-
Size
270KB
-
Sample
230924-xbs54sgh8s
-
MD5
8a57d6596272d8a8cb04c5769dbd08e3
-
SHA1
ec2333c45f999b3d92fe059ce962a42e322a72df
-
SHA256
41b87ee8d924234ce4626e5411ed60dd4739bb30320c1d7e75f142ab2ce171d6
-
SHA512
5506a5479c2c8789a00e0c1687085d2ac09b9201ebdac8aa0a63d6a65ddacb1163e552fccf10860c8b6a4366a9de4bf0e9061a2059913192914aae620839864b
-
SSDEEP
6144:rRChrJ+j+5j68KsT6h/OCy5U9uAOmASiyBDFqw6:rRsN+j+5+RsqGGu1Okw6
Static task
static1
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
-
-
Target
41b87ee8d924234ce4626e5411ed60dd4739bb30320c1d7e75f142ab2ce171d6
-
Size
270KB
-
MD5
8a57d6596272d8a8cb04c5769dbd08e3
-
SHA1
ec2333c45f999b3d92fe059ce962a42e322a72df
-
SHA256
41b87ee8d924234ce4626e5411ed60dd4739bb30320c1d7e75f142ab2ce171d6
-
SHA512
5506a5479c2c8789a00e0c1687085d2ac09b9201ebdac8aa0a63d6a65ddacb1163e552fccf10860c8b6a4366a9de4bf0e9061a2059913192914aae620839864b
-
SSDEEP
6144:rRChrJ+j+5j68KsT6h/OCy5U9uAOmASiyBDFqw6:rRsN+j+5+RsqGGu1Okw6
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-