redline | cef823e614c07e8813c9e32db81d8dc6a20d00a3e55aca97a6a5c340aa6e5d1c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

cef823e614c07e8813c9e32db81d8dc6a20d00a3e55aca97a6a5c340aa6e5d1c
Size

1012KB
Sample

231001-vt2tvsdf66
MD5

d1906fd8d9e6b18ee8a134e81982e23a
SHA1

3420d976f980b963fec140739f0eaef07c7333e3
SHA256

cef823e614c07e8813c9e32db81d8dc6a20d00a3e55aca97a6a5c340aa6e5d1c
SHA512

c291d08ce4275882bcd8029288073a48837d62471bd093621f16624d75e425891f8ece38d3469a2b05dbc195123e6e643f103e035f2ea5ab6302c07a13717045
SSDEEP

24576:4s9rN9YwPzIFbDslb50xVwJF5Jq9HnyKLW2U08U/7zgesADyI:t9rNWwbeP9wsnC0Z70esADyI

Score

10^/10

redline smokeloader edward rlol backdoor collection discovery infostealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cef823e614c07e8813c9e32db81d8dc6a20d00a3e55aca97a6a5c340aa6e5d1c.exe

Resource

win10-20230915-en

redline smokeloader edward rlol backdoor collection discovery infostealer spyware stealer trojan

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

edward

C2

193.58.147.147:39834

Attributes

auth_value
446f634e82d0b4e53079f0a26b8c33a8

Extracted

Family

smokeloader

Botnet

rlol

Extracted

Family

smokeloader

Version

2020

C2

http://akmedia.in/js/k/index.php

http://bethesdaserukam.org/setting/k/index.php

http://stemschools.in/js/k/index.php

http://dejarestaurant.com/wp-admin/js/k/index.php

http://moabscript.ir/wp-admin/js/k/index.php

http://nicehybridseeds.com/image/catalog/k/index.php

http://imaker.io/picktail/js/k/index.php

http://nanavatisworld.com/assets/js/k/index.php

http://smartbubox.com/img/k/index.php

http://krigenpharmaceuticals.com/js/k/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  cef823e614c07e8813c9e32db81d8dc6a20d00a3e55aca97a6a5c340aa6e5d1c
- Size
  
  1012KB
- MD5
  
  d1906fd8d9e6b18ee8a134e81982e23a
- SHA1
  
  3420d976f980b963fec140739f0eaef07c7333e3
- SHA256
  
  cef823e614c07e8813c9e32db81d8dc6a20d00a3e55aca97a6a5c340aa6e5d1c
- SHA512
  
  c291d08ce4275882bcd8029288073a48837d62471bd093621f16624d75e425891f8ece38d3469a2b05dbc195123e6e643f103e035f2ea5ab6302c07a13717045
- SSDEEP
  
  24576:4s9rN9YwPzIFbDslb50xVwJF5Jq9HnyKLW2U08U/7zgesADyI:t9rNWwbeP9wsnC0Z70esADyI
Score

10^/10

redline smokeloader edward rlol backdoor collection discovery infostealer spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloaderedwardrlolbackdoorcollectiondiscoveryinfostealerspywarestealertrojan

© 2018-2025

Terms | Privacy