General
Target: 84f049870c425dcb50f3e85f5f0159abaa423783b0dbd5c8990244b1a6375d6c
Size: 957KB
Sample: 231101-2aaplafe62
MD5: cb53f66bae5614b3e99beb6a350d783a
SHA1: ca8f7a11755971ccbc140fe1ba6ecfa6071354ad
SHA256: 84f049870c425dcb50f3e85f5f0159abaa423783b0dbd5c8990244b1a6375d6c
SHA512: 714a3172a50ba8556364d0b7ded6a52df5a4ea5e0d35f3c6b74287f55d6c1d6acf30a08743aee514ee9a68c17a56f692f8fd92078090b76edbfa3454f3dca127
SSDEEP: 12288:IbcWOo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTjQ5p:1WR2dAK4tf+BVHHkIoRj3cQD
Static task: static1
Behavioral task: behavioral1
Sample: 84f049870c425dcb50f3e85f5f0159abaa423783b0dbd5c8990244b1a6375d6c.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: smokeloader
  2022
  http://77.91.68.29/fks/
Extracted: redline
  grome
  77.91.124.86:19084
Extracted: redline
  kinza
  77.91.124.86:19084
Targets
Target: 84f049870c425dcb50f3e85f5f0159abaa423783b0dbd5c8990244b1a6375d6c
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext