General
-
Target
99b54b89a995b9e87fa1a57b27f8d5293626a66c496ee5bea3b28fcf544b4e51
-
Size
1.4MB
-
Sample
231101-1xy52adf7w
-
MD5
682bdf0725f207c6cb262d974e50454a
-
SHA1
6c9298ce190dcaffe910884f4234a2482bd61430
-
SHA256
99b54b89a995b9e87fa1a57b27f8d5293626a66c496ee5bea3b28fcf544b4e51
-
SHA512
5ae9c1e1e3e2e3755868118df7916e4f2b6e259e93a838282e480c72027a246c2cfb16b0652165eb369f2f000a1a333e365aed801a4c5d04a63f5002e171d9fb
-
SSDEEP
24576:Dy5xXzb1RnzpcJUqtJXP6bVzDX4ltquFV9hQ/w/iIn6ta0EcqnS3OmJP:W5Nv5cSqtJXP6bVQFLhtiIn6rh0Bm
Static task
static1
Behavioral task
behavioral1
Sample
99b54b89a995b9e87fa1a57b27f8d5293626a66c496ee5bea3b28fcf544b4e51.exe
Resource
win10v2004-20231025-en
Malware Config
Extracted
Family: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/
Extracted
Family: redline
Botnet: grome
C2: 77.91.124.86:19084
Extracted
Family: redline
Botnet: kinza
C2: 77.91.124.86:19084
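The hashes and the extracted C2 entries above are the parts of this report an analyst actually reuses. The following is an added example (not part of the sandbox report or any of the tools it names) that turns them into two checks: a hash comparison for a candidate file, and a scan of proxy-style log lines for connections to the SmokeLoader and RedLine C2s. The log format (`src=... dst=... dport=... url=...`) and the log lines themselves are constructed for illustration; the indicator values are copied from the report. Note that both RedLine botnets share one host and port, so a host-only match is reported separately from an exact host:port match rather than being treated as a confirmed hit.

```python
"""Reuse the sandbox report's indicators: hash comparison plus C2 log matching.
Added example; indicator values are from the report, log lines are constructed."""
import hashlib
import re
from urllib.parse import urlsplit

# Digests listed in the report for the submitted sample.
SAMPLE_HASHES = {
    "md5": "682bdf0725f207c6cb262d974e50454a",
    "sha1": "6c9298ce190dcaffe910884f4234a2482bd61430",
    "sha256": "99b54b89a995b9e87fa1a57b27f8d5293626a66c496ee5bea3b28fcf544b4e51",
    "sha512": "5ae9c1e1e3e2e3755868118df7916e4f2b6e259e93a838282e480c72027a246c"
              "2cfb16b0652165eb369f2f000a1a333e365aed801a4c5d04a63f5002e171d9fb",
}

# Extracted configs from the report. SmokeLoader reports a full URL,
# RedLine reports host:port (2022 = version tag, grome/kinza = botnet names).
C2_CONFIG = [
    {"family": "smokeloader", "version": "2022", "c2": "http://77.91.68.29/fks/"},
    {"family": "redline", "botnet": "grome", "c2": "77.91.124.86:19084"},
    {"family": "redline", "botnet": "kinza", "c2": "77.91.124.86:19084"},
]

# Constructed log format (hypothetical, not any real proxy's output).
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) url=(?P<url>\S+)")

# Constructed proxy lines: two C2 contacts, one benign connection, one
# same-host/other-port connection, one unparseable line.
SAMPLE_LOG = [
    "2023-11-01T09:14:02Z src=10.20.3.41 dst=77.91.68.29 dport=80 url=http://77.91.68.29/fks/",
    "2023-11-01T09:14:09Z src=10.20.3.41 dst=77.91.124.86 dport=19084 url=-",
    "2023-11-01T09:15:00Z src=10.20.3.77 dst=198.51.100.7 dport=443 url=https://example.test/",
    "2023-11-01T09:16:30Z src=10.20.3.41 dst=77.91.124.86 dport=443 url=-",
    "malformed line with no fields",
]


def hash_bytes(data):
    """Compute the four digests the report lists, for a file's raw contents."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(data, expected=SAMPLE_HASHES):
    """Per-algorithm True/False: does this content match the reported sample?"""
    actual = hash_bytes(data)
    return {algo: actual[algo] == digest for algo, digest in expected.items()}


def c2_endpoints(config=C2_CONFIG):
    """Normalise config entries to (host, port) -> {"families": set, "paths": set}."""
    endpoints = {}
    for entry in config:
        c2 = entry["c2"]
        if "://" in c2:
            u = urlsplit(c2)
            host = u.hostname
            port = u.port or (443 if u.scheme == "https" else 80)
            path = u.path or "/"
        else:
            host, _, port = c2.rpartition(":")
            port, path = int(port), None
        slot = endpoints.setdefault((host, port), {"families": set(), "paths": set()})
        slot["families"].add(entry["family"])
        if path:
            slot["paths"].add(path)
    return endpoints


def scan_proxy_log(lines, endpoints=None):
    """Flag lines whose destination is a known C2.

    (host, port) match -> confidence "exact"; known host on another port ->
    "host-only", left for the analyst because the IP may carry other traffic.
    """
    endpoints = endpoints if endpoints is not None else c2_endpoints()
    known_hosts = {host for host, _ in endpoints}
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        dst, dport, url = m["dst"], int(m["dport"]), m["url"]
        if (dst, dport) in endpoints:
            info = endpoints[(dst, dport)]
            path_hit = url != "-" and urlsplit(url).path in info["paths"]
            hits.append({"line": n, "dst": dst, "port": dport, "confidence": "exact",
                         "families": sorted(info["families"]), "path_match": path_hit})
        elif dst in known_hosts:
            fams = sorted({f for (h, _), info in endpoints.items() if h == dst
                           for f in info["families"]})
            hits.append({"line": n, "dst": dst, "port": dport, "confidence": "host-only",
                         "families": fams, "path_match": False})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

For a real hunt, feed `scan_proxy_log` the lines of an exported proxy or firewall log and pass a file's bytes to `matches_sample`; a SHA256 match against the value above identifies this exact sample, while an `md5`-only match on a file that fails the other digests should be treated as suspicious rather than confirming anything.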
Targets
-
-
Target
99b54b89a995b9e87fa1a57b27f8d5293626a66c496ee5bea3b28fcf544b4e51
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
-
Create or Modify System Process: Windows Service (1)
-
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
Privilege Escalation
-
Create or Modify System Process: Windows Service (1)
-
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)