General

Target: bb585b40a7d5f2dad95fb91e7a60881c89ecb9712882feaa330ef473f5a38cd9
Size: 957KB
Sample: 231101-1gerfsfb38
MD5: 34f5f8d9985a9eadd72272e7abd537a7
SHA1: 4d1590ea21885339979908d3add85430a2dec1aa
SHA256: bb585b40a7d5f2dad95fb91e7a60881c89ecb9712882feaa330ef473f5a38cd9
SHA512: f7ce7a7a7884e16fdbb56b536552ea5dfc835ab50e3a655007b4220c3cdbe325489b98e0a9713e050ef18ccacd614d70ec1e7d2ed0a41bb87cfdafb277a69543
SSDEEP: 12288:tbcrZo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTwcRp:GrG2dAK4tf+BVHHkIoRj3cQDh
Static task: static1

Behavioral task: behavioral1
  Sample: bb585b40a7d5f2dad95fb91e7a60881c89ecb9712882feaa330ef473f5a38cd9.exe
  Resource: win10v2004-20231023-en
Malware Config

Extracted: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/

Extracted: redline
  Botnet: grome
  C2: 77.91.124.86:19084

Extracted: redline
  Botnet: kinza
  C2: 77.91.124.86:19084
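The extracted configs above are what a triage analyst actually consumes, so the following added example (not part of this report or of the sandbox's own tooling) parses that flattened "Extracted / family / tag / endpoint" text into normalised C2 records and a deduplicated host:port blocklist. The input is the config text of this report re-typed as a constant; the labels it assigns to the third field (SmokeLoader version, RedLine botnet id) are an assumption about the extraction layout. Running it shows that the two RedLine configs, "grome" and "kinza", resolve to the same network indicator, so blocking by endpoint covers both campaigns with one entry.

```python
"""Parse sandbox 'Extracted' malware-config blocks into network IOCs.

Added example, not the report's own code. Field labels (version/botnet
tag) are assumptions about how the sandbox lays out its extraction.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed: the Malware Config section of this report, one token per line.
REPORT_CONFIG = """\
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Extracted
redline
kinza
77.91.124.86:19084
"""

# Bare "host:port" as RedLine configs use it (IPv4/hostname only; no IPv6 brackets).
HOST_PORT_RE = re.compile(r"^(?P<host>[^:/\s]+):(?P<port>\d{1,5})$")


@dataclass(frozen=True)
class C2:
    family: str
    tag: str             # assumed: SmokeLoader version or RedLine botnet id
    scheme: str          # "http"/"https" for URLs, "tcp" for bare host:port
    host: str
    port: int
    path: Optional[str]  # URL path, None for bare host:port


def parse_c2(family: str, tag: str, endpoint: str) -> C2:
    """Normalise a URL or host:port string into a C2 record."""
    m = HOST_PORT_RE.match(endpoint)
    if m:
        return C2(family, tag, "tcp", m["host"], int(m["port"]), None)
    u = urlsplit(endpoint)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise ValueError(f"unrecognised C2 endpoint: {endpoint!r}")
    port = u.port or (443 if u.scheme == "https" else 80)
    return C2(family, tag, u.scheme, u.hostname, port, u.path or "/")


def parse_extracted(text: str) -> List[C2]:
    """Each 'Extracted' marker is followed by exactly three lines: family, tag, endpoint."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records: List[C2] = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted":
            raise ValueError(f"expected 'Extracted' at token {i + 1}, got {lines[i]!r}")
        if i + 3 >= len(lines):
            raise ValueError("truncated 'Extracted' block")
        family, tag, endpoint = lines[i + 1].lower(), lines[i + 2], lines[i + 3]
        records.append(parse_c2(family, tag, endpoint))
        i += 4
    return records


def unique_endpoints(records: List[C2]) -> Set[Tuple[str, int]]:
    """Distinct (host, port) pairs: several configs may share one C2."""
    return {(r.host, r.port) for r in records}


def blocklist_lines(records: List[C2]) -> List[str]:
    """Sorted host:port lines suitable for a firewall or proxy denylist."""
    return sorted(f"{h}:{p}" for h, p in unique_endpoints(records))


if __name__ == "__main__":
    recs = parse_extracted(REPORT_CONFIG)
    for r in recs:
        print(f"{r.family:<12} {r.tag:<6} {r.scheme}://{r.host}:{r.port}{r.path or ''}")
    print("blocklist:", blocklist_lines(recs))
```

Bare `host:port` is treated as an opaque TCP endpoint rather than assumed to be HTTP, because RedLine's C2 protocol is not a web URL; keeping the scheme distinct stops the blocklist from being silently narrowed to port 80/443 matching.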
Targets

Target: bb585b40a7d5f2dad95fb91e7a60881c89ecb9712882feaa330ef473f5a38cd9 (957KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures triggered:
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application (persistence through a Windows Run registry key)
- Suspicious use of SetThreadContext (an API commonly used for process injection and process hollowing)