General
- Target: c2bb29d1deb9922b924285443da650bb38f5cbdc67905294369cda2795d38b69
- Size: 321KB
- Sample: 231101-1zse9sfd75
- MD5: 3a86eb9ce4aac25353b7eb7b238c3131
- SHA1: 2afa736d35e1251e3fd3b685942873f74d6d5f16
- SHA256: 7982e05dc454253fe66ed687e24f0ae2d3d1b83d9695ca196692d0391da24fc9
- SHA512: dd41499ea8b2d05a68691650d6bee3b7e11cfaa9cad7c50086444f2c185704cab47f46d4dcdfce0306fc640d92dfee400d3b8a4e700acfb8269367699ea69c9a
- SSDEEP: 6144:aCoMtc+8W3f2BS1nNfpDAb2K0bOetfr9kxZeYq1q8MC2/0i6SLVTIw6qqmyl3o9V:ahMy+8W3e01nNfpDG2K0bOetTafq1q8u

Static task
- static1

Behavioral task
- behavioral1
  - Sample: c2bb29d1deb9922b924285443da650bb38f5cbdc67905294369cda2795d38b69.exe
  - Resource: win7-20231020-en
- behavioral2
  - Sample: c2bb29d1deb9922b924285443da650bb38f5cbdc67905294369cda2795d38b69.exe
  - Resource: win10v2004-20231023-en

Malware Config
- Extracted: smokeloader
  - 2022
  - http://77.91.68.29/fks/
- Extracted: redline
  - grome
  - 77.91.124.86:19084
- Extracted: redline
  - kinza
  - 77.91.124.86:19084

Targets
- Target: c2bb29d1deb9922b924285443da650bb38f5cbdc67905294369cda2795d38b69
- Size: 891KB
- MD5: ee928e4d4d5e0af6d5cba4937ca9d782
- SHA1: d90c19524fafc80e79d2ab46002b2b11fd3f2324
- SHA256: c2bb29d1deb9922b924285443da650bb38f5cbdc67905294369cda2795d38b69
- SHA512: e92bff0e3d1308e404c92f7a5700cb3979eaecd20c0162be23b7184464ec1c060b7bb081fa049f530b180639127e0444ffbc52bd9a6c5275b4f2e430ad91cb90
- SSDEEP: 12288:NqAPd5o7rmNwdUUEE+qgnulOdnuODG9KDFkXbzyu2yYyr:pbSmNwdUUEE+B1dbS9KDF

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext