General
-
Target
d6338b06fb55a486b85e9e7b67399275c40efec75da2e9312da4d9c59c6f4da5
-
Size
957KB
-
Sample
231101-13vpssdg6v
-
MD5
e0909d8dee4a8d7f74fc65d58844818a
-
SHA1
cf16a296307f440abc481ff4787830a692388fec
-
SHA256
d6338b06fb55a486b85e9e7b67399275c40efec75da2e9312da4d9c59c6f4da5
-
SHA512
1bed80d8dcc2c8c163fceaeee8b66aad2d691f1ce5d75c367746c61a760e8997762dd7abe65b20ea2ad57a926d2a10f4868d5990ac7bfb8511ab46ec588cb469
-
SSDEEP
12288:KbcuYo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTnlBAXFM2us:Xuv2dAK4tf+BVHHkIoRj3cQDIFM
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Targets
-
-
Target
d6338b06fb55a486b85e9e7b67399275c40efec75da2e9312da4d9c59c6f4da5
-
Size
957KB
-
MD5
e0909d8dee4a8d7f74fc65d58844818a
-
SHA1
cf16a296307f440abc481ff4787830a692388fec
-
SHA256
d6338b06fb55a486b85e9e7b67399275c40efec75da2e9312da4d9c59c6f4da5
-
SHA512
1bed80d8dcc2c8c163fceaeee8b66aad2d691f1ce5d75c367746c61a760e8997762dd7abe65b20ea2ad57a926d2a10f4868d5990ac7bfb8511ab46ec588cb469
-
SSDEEP
12288:KbcuYo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTnlBAXFM2us:Xuv2dAK4tf+BVHHkIoRj3cQDIFM
Score10/10-
Detected google phishing page
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-