General
Target: 73628586c7c2b8835c904d9fab72a256c9b7a69df68a1f85fe50fe94545f3c4a
Size: 321KB
Sample: 231101-1qjrrsde6t
MD5: d3da6b08f4c98b506f43e6ea23cc6022
SHA1: 79d448c6112fb2d09ae06b6facd75f2c7d974723
SHA256: 3546beb118d30291d229803031f3de33f645044b90032a0d2a6a39341d001d18
SHA512: 2a037dd8f3db66776e253a158439a55610ea14f75d0523b8c3a752c16e5e0190730cf1fe3ae04945122c9e09dd832d22c226f38eafdeb6e1ff6973c99d977c78
SSDEEP: 6144:5dPFedEpZOrU2Ii81SYc9sVBrnctueYq1A742q21yZbWQ:5dosM4i8gxs3Xq1N2q21yZ3

Static task: static1
Behavioral task: behavioral1
  Sample: 73628586c7c2b8835c904d9fab72a256c9b7a69df68a1f85fe50fe94545f3c4a.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: 73628586c7c2b8835c904d9fab72a256c9b7a69df68a1f85fe50fe94545f3c4a.exe
  Resource: win10v2004-20231020-en

Malware Config
Extracted: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/
Extracted: redline
  Botnet: grome
  C2: 77.91.124.86:19084
Extracted: redline
  Botnet: kinza
  C2: 77.91.124.86:19084

Targets
Target: 73628586c7c2b8835c904d9fab72a256c9b7a69df68a1f85fe50fe94545f3c4a
Size: 891KB
MD5: d458b50c0bc7724c0ac4641a53e540f1
SHA1: 771ec67bb148baed1ca7351b0733a6fe83ae9d80
SHA256: 73628586c7c2b8835c904d9fab72a256c9b7a69df68a1f85fe50fe94545f3c4a
SHA512: 44223168dfd6b020f45902c63adc0e5d05abc1b2aacc262b7bf7b138f108ae4dfd5b5e20ea38ade0072d26254b0eec6e6764f78039b2d5fd0de62d5d2fec45c2
SSDEEP: 12288:WqAP1oO7rmNwdUUEE+qgnulOdnuODG9KDFkXbzyu2yYybAPAP:oaUmNwdUUEE+B1dbS9KDF6AP

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext