General
Target: f9b0b7049ac595e16804e91f95752f7da5a43efadc54a5e4a83adfc38cad6da1
Size: 957KB
Sample: 231101-29h51sfh78
MD5: 7b48ff8a72ea5b33df120aee13bce703
SHA1: f4b1e6294475f3d68079a3cd1057ff580ddf0adb
SHA256: f9b0b7049ac595e16804e91f95752f7da5a43efadc54a5e4a83adfc38cad6da1
SHA512: 2ce7067b41d842ed87fc340f46efdeae71f40ba639d3483f4fbdb966e9f04465672556af9174e31df4ea779447d8b22d316336f1d3dad7a7de54a818977348a5
SSDEEP: 12288:RbcMxo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTJKCcUNCj:qMu2dAK4tf+BVHHkIoRj3cQDwCB
Static task: static1
Behavioral task: behavioral1
Sample: f9b0b7049ac595e16804e91f95752f7da5a43efadc54a5e4a83adfc38cad6da1.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: smokeloader
    2022
    http://77.91.68.29/fks/
Extracted: redline
    grome
    77.91.124.86:19084
Extracted: redline
    kinza
    77.91.124.86:19084
Targets
Target: f9b0b7049ac595e16804e91f95752f7da5a43efadc54a5e4a83adfc38cad6da1
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext