redline | 9199be7aefdf13bec12f84faddd5a722429a511427ff866aa31ddc80095c5a1a | Triage

Sharing

General

Target

file
Size

878KB
Sample

231015-afxyjacf2t
MD5

d4d2e1ff2787b4f220f64fb4df76dd27
SHA1

9c57173f5b93630e95f27b1d9fa2946d2584b544
SHA256

9199be7aefdf13bec12f84faddd5a722429a511427ff866aa31ddc80095c5a1a
SHA512

4ddf905d3e8d7acdcc7ff90ccbc7fc7af9da4c99f20a8b17a50fef963d40265649ed2940b3b5ccdcef512829c517a4bad38d0cecf39fc41b24d764ee2edba8dd
SSDEEP

12288:oMrqy90xWPPmw0SMP2LASWOCeAXE9HpjFzFfUYJLxH5gUqtmAjVX1QD8sfQxn:Sy2WPwSAneWuhfUYdnOmqVX8DQN

Score

10^/10

redline smokeloader breha backdoor evasion infostealer persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

breha

C2

77.91.124.55:19071

Targets

- Target
  
  file
- Size
  
  878KB
- MD5
  
  d4d2e1ff2787b4f220f64fb4df76dd27
- SHA1
  
  9c57173f5b93630e95f27b1d9fa2946d2584b544
- SHA256
  
  9199be7aefdf13bec12f84faddd5a722429a511427ff866aa31ddc80095c5a1a
- SHA512
  
  4ddf905d3e8d7acdcc7ff90ccbc7fc7af9da4c99f20a8b17a50fef963d40265649ed2940b3b5ccdcef512829c517a4bad38d0cecf39fc41b24d764ee2edba8dd
- SSDEEP
  
  12288:oMrqy90xWPPmw0SMP2LASWOCeAXE9HpjFzFfUYJLxH5gUqtmAjVX1QD8sfQxn:Sy2WPwSAneWuhfUYdnOmqVX8DQN
Score

10^/10

evasion persistence trojan redline smokeloader breha backdoor infostealer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

redlinesmokeloaderbrehabackdoorevasioninfostealerpersistencetrojan