redline | 9fcb50c682e52cbb33a6d5723447684bfa580fb28fd4da3d1804e4a4caea2eee | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

9fcb50c682e52cbb33a6d5723447684bfa580fb28fd4da3d1804e4a4caea2eee
Size

957KB
Sample

231101-25exsseb5z
MD5

5b684151cee79201bc634bbce10bec59
SHA1

5099d23f5a9b95e44f8a0ba6e8b90917f20d625f
SHA256

9fcb50c682e52cbb33a6d5723447684bfa580fb28fd4da3d1804e4a4caea2eee
SHA512

41a1c29354a4c9fc7f24eea5425448fe835ae400620fe38cc4513204a26c58097014cb57f3737c7dd96de3180e88a7d36d78091932dbd17e33dbf14d48b9ef86
SSDEEP

12288:IbcPBo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTzzo7:1P+2dAK4tf+BVHHkIoRj3cQDM

Score

10^/10

redline smokeloader grome kinza backdoor paypal infostealer persistence phishing trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9fcb50c682e52cbb33a6d5723447684bfa580fb28fd4da3d1804e4a4caea2eee.exe

Resource

win10v2004-20231023-en

redline smokeloader grome kinza backdoor paypal infostealer persistence phishing trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

- Target
  
  9fcb50c682e52cbb33a6d5723447684bfa580fb28fd4da3d1804e4a4caea2eee
- Size
  
  957KB
- MD5
  
  5b684151cee79201bc634bbce10bec59
- SHA1
  
  5099d23f5a9b95e44f8a0ba6e8b90917f20d625f
- SHA256
  
  9fcb50c682e52cbb33a6d5723447684bfa580fb28fd4da3d1804e4a4caea2eee
- SHA512
  
  41a1c29354a4c9fc7f24eea5425448fe835ae400620fe38cc4513204a26c58097014cb57f3737c7dd96de3180e88a7d36d78091932dbd17e33dbf14d48b9ef86
- SSDEEP
  
  12288:IbcPBo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTzzo7:1P+2dAK4tf+BVHHkIoRj3cQDM
Score

10^/10

redline smokeloader grome kinza backdoor paypal infostealer persistence phishing trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesmokeloadergromekinzabackdoorpaypalinfostealerpersistencephishingtrojan

© 2018-2024

Terms | Privacy