General
-
Target
c684fa1a0e4d2d4db250ae845e0e5794ddba07a6d77d10e441532f3aad04d203
-
Size
270KB
-
Sample
230924-xwllrsae82
-
MD5
7846cca2b1e777b13cab189696c95728
-
SHA1
0435efa4848cc4ad6ce4e64804a1eb31335ceb06
-
SHA256
c684fa1a0e4d2d4db250ae845e0e5794ddba07a6d77d10e441532f3aad04d203
-
SHA512
5ac3a152bec8acf17a9e444a1d0068f2292683c57d96561fe2a73426e21540b0fa0b0ffd05d651784336b7d69a67583b365261a45685f49d1772ed0600e818e6
-
SSDEEP
6144:HRe4cMQ+j+5j68KsT6h/OCy5UKuAOCgzgkHSNDwK:HRe77+j+5+RsqGhulcdwK
Static task
static1
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Targets
-
-
Target
c684fa1a0e4d2d4db250ae845e0e5794ddba07a6d77d10e441532f3aad04d203
-
Size
270KB
-
MD5
7846cca2b1e777b13cab189696c95728
-
SHA1
0435efa4848cc4ad6ce4e64804a1eb31335ceb06
-
SHA256
c684fa1a0e4d2d4db250ae845e0e5794ddba07a6d77d10e441532f3aad04d203
-
SHA512
5ac3a152bec8acf17a9e444a1d0068f2292683c57d96561fe2a73426e21540b0fa0b0ffd05d651784336b7d69a67583b365261a45685f49d1772ed0600e818e6
-
SSDEEP
6144:HRe4cMQ+j+5j68KsT6h/OCy5UKuAOCgzgkHSNDwK:HRe77+j+5+RsqGhulcdwK
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-