General
- Target: 0cfc8131ef396d23967b35ea5f7178264cd3bcb70bf47d07471ccd45377e6bfb
- Size: 957KB
- Sample: 231101-1tkhgafc84
- MD5: eb4c1eb334f897efb6f59b8655f23852
- SHA1: 174050ad14ed266aa064540e1746e970bbe74f4c
- SHA256: 0cfc8131ef396d23967b35ea5f7178264cd3bcb70bf47d07471ccd45377e6bfb
- SHA512: f0d73af64c46ab66452833a935246cf9b55c5cfd21f48a70f22619473a40bbebc7e43e65f43f54ecd7d81999987ce169788d276bcb008d7bc2170730fc12ac13
- SSDEEP: 12288:0bcdHo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTBCH9:BdI2dAK4tf+BVHHkIoRj3cQDW
Static task: static1
Behavioral task: behavioral1
- Sample: 0cfc8131ef396d23967b35ea5f7178264cd3bcb70bf47d07471ccd45377e6bfb.exe
- Resource: win10v2004-20231020-en
Malware Config
- Extracted: smokeloader, 2022, http://77.91.68.29/fks/
- Extracted: redline, grome, 77.91.124.86:19084
- Extracted: redline, kinza, 77.91.124.86:19084
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext