General
- Target: 8bdf112b908fb2be733945d1234f6f9d45c48b50fc41e07238fb00c4f1ba3725
- Size: 1.5MB
- Sample: 231101-15fcwsdg7s
- MD5: 9585cf1bba82f1fb8ca4decbd5a97061
- SHA1: fac0cbf14366e31ebbd46fdc28aabf2fadcb45d0
- SHA256: c333adc05017503285d1371c63e6889b7ea5b84e2e3f19bf26faa24df838a6c1
- SHA512: e5fedadae2ac7d68d1a1da611b0f28052ec215e435ed51828b8e2f0f94c84536eade614d814fe9563ce23e07f7046627f2fbf006e645242d4d5f2e7518edb688
- SSDEEP: 24576:WyNGs2WZz/GtZRiBUzXxWzejJ4Xn0VgudzyFHpwaNHn/ASpu5EIoGW:l8GAZhGCOXn0VXz8Hpw6H/d4iIoGW
Static task: static1
Behavioral task: behavioral1
Sample: 8bdf112b908fb2be733945d1234f6f9d45c48b50fc41e07238fb00c4f1ba3725.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: smokeloader
- Version: 2022
- C2: http://77.91.68.29/fks/
Extracted: redline
- Botnet: grome
- C2: 77.91.124.86:19084
Extracted: amadey
- Version: 3.89
- C2: http://77.91.124.1/theme/index.php
- install_dir: fefffe8cea
- install_file: explothe.exe
- strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets
- Target: 8bdf112b908fb2be733945d1234f6f9d45c48b50fc41e07238fb00c4f1ba3725
- Size: 1.5MB
- MD5: b537f611835f48e032014e662b167842
- SHA1: 8b1d3588aa23c49669c70d35626637778bfd8365
- SHA256: 8bdf112b908fb2be733945d1234f6f9d45c48b50fc41e07238fb00c4f1ba3725
- SHA512: 24b534836553d02c1afc8c539656669036f5ce08acfe0fbf1c93ec3ab9d467474a3f58e6ad687229a11846d54583242eab1d8b84ea0a7676fd0bed8d6f2dbf49
- SSDEEP: 24576:QylI22iZz7Gb5RitUzzBQhejJcXl2ngu5fIL7XwEHlprdXyp05EIot:XiM45lgCCXl2nvf87XwEHbJCyiIo
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application (persistence through a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (rewriting another thread's context is the usual last step of process hollowing and related code-injection techniques, so the payload may run inside a process whose image name looks legitimate)
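The extracted configs and the behaviour list above are the hunt material a responder actually takes away from a report like this. The script below is an added example, not sandbox output and not code from any of the malware families: it copies the C2 and Amadey install values from the configs above, normalises them into network and host indicators, and runs them over constructed proxy-flow lines and Sysmon-style registry/process event summaries. The log formats are invented for illustration, and the drop path under the user's Temp directory is an assumption (the report gives only the directory and file names). The SetThreadContext behaviour is not covered, since that needs API-level telemetry rather than log lines.

```python
"""Hunt for this sample's C2 and persistence indicators in log data.
Added example for this page; indicator values copied from the extracted configs,
all log lines below are constructed."""
import re
from urllib.parse import urlsplit

# Indicator values copied from the extracted configs on this page.
EXTRACTED = {
    "smokeloader": {"c2": ["http://77.91.68.29/fks/"]},
    "redline": {"c2": ["77.91.124.86:19084"], "botnet": "grome"},
    "amadey": {"c2": ["http://77.91.124.1/theme/index.php"],
               "install_dir": "fefffe8cea", "install_file": "explothe.exe"},
}


def c2_endpoints(extracted):
    """Normalise each C2 entry to (family, host, port, path); bare host:port
    entries such as RedLine's raw TCP channel get path None."""
    out = []
    for family, cfg in extracted.items():
        for c2 in cfg.get("c2", []):
            if "://" in c2:
                p = urlsplit(c2)
                port = p.port or (443 if p.scheme == "https" else 80)
                out.append((family, p.hostname, port, p.path))
            else:
                host, _, port = c2.rpartition(":")
                out.append((family, host, int(port), None))
    return out


# Constructed proxy/flow format: "<ts> <src> -> <dst>:<port> <method|-> <url|->"
FLOW_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\S+) (\S+)$")


def match_network(lines, extracted=EXTRACTED):
    """Return (line_no, family, detail) for each line reaching a known C2.
    Any contact with a configured host:port is a hit (these are dedicated C2
    addresses); a logged URL on the configured panel path becomes the detail."""
    hits = []
    endpoints = c2_endpoints(extracted)
    for no, line in enumerate(lines, 1):
        m = FLOW_RE.match(line)
        if not m:
            continue
        _ts, _src, dst, port, _method, url = m.groups()
        for family, host, c2_port, path in endpoints:
            if dst != host or int(port) != c2_port:
                continue
            detail = f"{dst}:{port}"
            if url != "-" and path and urlsplit(url).path.startswith(path):
                detail = url
            hits.append((no, family, detail))
    return hits


def host_indicators(extracted):
    """Lower-cased '<install_dir>\\<install_file>' per config that has both."""
    return [(family, (cfg["install_dir"] + "\\" + cfg["install_file"]).lower())
            for family, cfg in extracted.items()
            if "install_dir" in cfg and "install_file" in cfg]


def match_host(events, extracted=EXTRACTED):
    """Return (event_no, family, kind) for events mentioning the dropped file;
    kind is 'run_key' when a ...\\CurrentVersion\\Run value is set, else 'path'."""
    hits = []
    for no, event in enumerate(events, 1):
        low = event.lower()
        for family, tail in host_indicators(extracted):
            if tail not in low:
                continue
            kind = "path"
            if "setvalue" in low and "\\currentversion\\run\\" in low:
                kind = "run_key"
            hits.append((no, family, kind))
    return hits


# Constructed flow lines; 203.0.113.7 (TEST-NET) stands in for benign traffic.
FLOWS = [
    "2023-11-01T15:01:07Z 10.20.0.14 -> 77.91.68.29:80 POST http://77.91.68.29/fks/",
    "2023-11-01T15:01:09Z 10.20.0.14 -> 77.91.124.86:19084 - -",
    "2023-11-01T15:01:12Z 10.20.0.14 -> 203.0.113.7:443 GET https://example.com/",
    "2023-11-01T15:01:40Z 10.20.0.14 -> 77.91.124.1:80 POST http://77.91.124.1/theme/index.php",
]
# Constructed Sysmon-style summaries; the Temp drop path is an assumption.
EVENTS = [
    "RegistryEvent SetValue HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows"
    "\\CurrentVersion\\Run\\explothe.exe Details: C:\\Users\\joe\\AppData"
    "\\Local\\Temp\\fefffe8cea\\explothe.exe",
    "RegistryEvent SetValue HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows"
    "\\CurrentVersion\\Run\\OneDrive Details: C:\\Users\\joe\\AppData"
    "\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
    "ProcessCreate Image: C:\\Users\\joe\\AppData\\Local\\Temp\\fefffe8cea"
    "\\explothe.exe ParentImage: C:\\Users\\joe\\Downloads\\sample.exe",
]
```

Run against real data, the `FLOW_RE` and the event strings are the two places to adapt: feed proxy or NetFlow exports into `match_network` and Sysmon event 13/1 text into `match_host`. Matching on the bare `install_dir\install_file` tail rather than a full path keeps the host check valid whatever directory the stager actually chose.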