General
-
Target
c38a33d08840e23aef88d6a9b5c00bed49aea5681c6cf29d293d2b2be2b7469b
-
Size
957KB
-
Sample
231101-21w1hsfh27
-
MD5
399c70db942fdc350774c4350e08697f
-
SHA1
f6e9499be20257ffab465b1e9a65bffd9ab88165
-
SHA256
c38a33d08840e23aef88d6a9b5c00bed49aea5681c6cf29d293d2b2be2b7469b
-
SHA512
b7a480acddaa39e5d471450a819059119d21c940174e396bcfc9dd6937815aa8bd3cb879efae43814acc90001aea9ea86ddb36efaa4a06397556f2c1942c02d6
-
SSDEEP
12288:Xbc1xo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTXb0:w1u2dAK4tf+BVHHkIoRj3cQDX
Static task
static1
Behavioral task
behavioral1
Sample
c38a33d08840e23aef88d6a9b5c00bed49aea5681c6cf29d293d2b2be2b7469b.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Extracted
redline
kinza
77.91.124.86:19084
Targets
-
-
Target
c38a33d08840e23aef88d6a9b5c00bed49aea5681c6cf29d293d2b2be2b7469b
-
Size
957KB
-
MD5
399c70db942fdc350774c4350e08697f
-
SHA1
f6e9499be20257ffab465b1e9a65bffd9ab88165
-
SHA256
c38a33d08840e23aef88d6a9b5c00bed49aea5681c6cf29d293d2b2be2b7469b
-
SHA512
b7a480acddaa39e5d471450a819059119d21c940174e396bcfc9dd6937815aa8bd3cb879efae43814acc90001aea9ea86ddb36efaa4a06397556f2c1942c02d6
-
SSDEEP
12288:Xbc1xo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTXb0:w1u2dAK4tf+BVHHkIoRj3cQDX
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-