General
Target: 534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad
Size: 957KB
Sample: 231101-2sqhrsfg39
MD5: 7fddcf540cb9f29af3cdc44886ce0de9
SHA1: 3140a08741862577e3c7b78b0b021c9f6671b437
SHA256: 534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad
SHA512: ab9a6ee19688c3cbfd1a1e7a95a221050d595727a47ec87110f688570f454475e1269b765cda3e379240033a0a75afb789525aeaa898164256ea62b350e36b5d
SSDEEP: 12288:WbccNo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTxfo:zc62dAK4tf+BVHHkIoRj3cQD
Static task: static1
Behavioral task: behavioral1
  Sample: 534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad.exe
  Resource: win10v2004-20231020-en
Malware Config
Extracted: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/
Extracted: redline
  Botnet: grome
  C2: 77.91.124.86:19084
Extracted: redline
  Botnet: kinza
  C2: 77.91.124.86:19084
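The two extracted configs give network indicators in different shapes: SmokeLoader beacons to an HTTP URL (host plus path), while both RedLine botnets share one raw host:port endpoint. The script below is an added example, not part of the sandbox report, showing how to normalise both into one indicator set and run it over proxy/flow logs. The C2 values are copied from the report; the log format, the log lines, and the confidence levels are constructed for the example.

```python
"""Match the C2 indicators from the extracted configs against network logs.

Added example, not part of the sandbox report. Log lines are constructed.
Indicators are copied from the report; everything else is an assumption.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# C2 values exactly as they appear in the report's "Malware Config" section.
SMOKELOADER_C2 = "http://77.91.68.29/fks/"
REDLINE_C2 = "77.91.124.86:19084"  # shared by the "grome" and "kinza" botnets


@dataclass(frozen=True)
class Indicator:
    family: str
    host: str
    port: int
    path_prefix: Optional[str]  # None for a raw TCP (non-HTTP) C2


def build_indicators() -> List[Indicator]:
    """Normalise the two config formats into one matchable shape."""
    u = urlsplit(SMOKELOADER_C2)  # SmokeLoader beacons over HTTP to a URL
    port = u.port or (443 if u.scheme == "https" else 80)
    host, _, raw_port = REDLINE_C2.rpartition(":")  # RedLine config is host:port
    return [
        Indicator("smokeloader", u.hostname, port, u.path),
        Indicator("redline", host, int(raw_port), None),
    ]


# Constructed proxy/flow log: time, client, dst_ip, dst_port, method, url.
# Non-HTTP flows carry "-" in the last two columns.
LOGS = """\
2023-11-01T10:02:11Z 10.0.0.15 77.91.68.29 80 POST http://77.91.68.29/fks/
2023-11-01T10:02:13Z 10.0.0.15 77.91.124.86 19084 - -
2023-11-01T10:03:40Z 10.0.0.22 77.91.68.29 80 GET http://77.91.68.29/index.html
2023-11-01T10:04:01Z 10.0.0.31 203.0.113.7 443 CONNECT www.example.com:443
2023-11-01T10:05:55Z 10.0.0.15 77.91.124.86 443 - -
"""


def match_line(line: str, indicators: List[Indicator]) -> List[Tuple[str, str]]:
    """Return (family, confidence) for one log line; empty when nothing matches.

    "high": the exact C2 URL (SmokeLoader) or host:port (RedLine) was contacted.
    "medium": only the C2 IP matched; the path or port differ, or the flow was
    not HTTP, so the hit still needs an analyst's eyes.
    """
    fields = line.split()
    if len(fields) < 4:
        return []
    dst_ip, dst_port = fields[2], int(fields[3])
    url = fields[5] if len(fields) >= 6 and fields[5] != "-" else None
    hits: List[Tuple[str, str]] = []
    for ind in indicators:
        if dst_ip != ind.host:
            continue
        if ind.path_prefix is not None and url is not None:
            u = urlsplit(url)
            if u.hostname == ind.host and u.path.startswith(ind.path_prefix):
                hits.append((ind.family, "high"))
                continue
        if ind.path_prefix is None and dst_port == ind.port:
            hits.append((ind.family, "high"))
            continue
        hits.append((ind.family, "medium"))
    return hits


def scan(log_text: str) -> List[Tuple[int, str, str]]:
    """Scan a whole log; returns (line_number, family, confidence) per hit."""
    indicators = build_indicators()
    return [
        (n, family, conf)
        for n, line in enumerate(log_text.splitlines(), 1)
        for family, conf in match_line(line, indicators)
    ]


if __name__ == "__main__":
    for n, family, conf in scan(LOGS):
        print(f"line {n}: {family} C2 ({conf})")
```

Matching on the bare IP as a lower-confidence hit is deliberate: both C2 hosts sit in the same 77.91.0.0/16 range and a loader that rotates its URI path or port would otherwise slip past an exact-match rule, while a shared hosting IP would produce false positives if treated as high confidence.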
Targets
Target: 534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad
Size: 957KB
MD5: 7fddcf540cb9f29af3cdc44886ce0de9
SHA1: 3140a08741862577e3c7b78b0b021c9f6671b437
SHA256: 534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad
SHA512: ab9a6ee19688c3cbfd1a1e7a95a221050d595727a47ec87110f688570f454475e1269b765cda3e379240033a0a75afb789525aeaa898164256ea62b350e36b5d
SSDEEP: 12288:WbccNo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTxfo:zc62dAK4tf+BVHHkIoRj3cQD
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
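Two of the behaviours listed above, "Executes dropped EXE" and "Adds Run key to start application", map directly onto host telemetry that a defender already collects. The script below is an added example, not part of the sandbox report, that reproduces the logic behind those two signatures over a constructed event stream in a simplified dict form of Sysmon Event ID 11 (FileCreate), 1 (ProcessCreate) and 13 (RegistryEvent, value set). The event contents, PIDs and the dropped file path are assumptions; only the sample file name comes from the report. "Suspicious use of SetThreadContext" is an API-level observation from the sandbox's monitoring and is not visible in this kind of telemetry, and "RedLine payload" is a static/memory match, so neither is covered here.

```python
"""Flag two of the listed behaviours in constructed host telemetry.

Added example, not part of the sandbox report. Events are a simplified dict
form of Sysmon Event ID 11 (FileCreate), 1 (ProcessCreate) and 13
(RegistryEvent, value set); their contents are constructed.
"""
import re
from typing import Any, Dict, List, Tuple

Event = Dict[str, Any]

# Sysmon 13 TargetObject for the classic autorun keys, any hive and both the
# native and Wow6432Node views. Matching the key rather than the value name
# keeps the rule independent of whatever name the malware picks.
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKU\\[^\\]+|HKCU)\\Software\\(Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)

SAMPLE = "534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\ab1.exe"  # constructed path

# Constructed event stream, in the order a sandbox run would record it.
EVENTS: List[Event] = [
    {"id": 1, "pid": 1200, "ppid": 900, "image": rf"C:\Users\user\Desktop\{SAMPLE}"},
    {"id": 11, "pid": 1200, "target": DROPPED},
    {"id": 1, "pid": 1344, "ppid": 1200, "image": DROPPED},
    {"id": 13, "pid": 1344,
     "target": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\ab1",
     "details": DROPPED},
    {"id": 1, "pid": 1500, "ppid": 900, "image": r"C:\Windows\System32\notepad.exe"},
    {"id": 13, "pid": 700,
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
]


def detect(events: List[Event]) -> List[Tuple[str, int, str]]:
    """Return (signature, pid, detail) findings in event order.

    In a sandbox every process descends from the sample, so any file written
    during the run and later executed counts as a dropped EXE. On a real host
    you would first restrict the file-create events to the suspect process
    tree, otherwise every installer trips the rule.
    """
    dropped: Dict[str, int] = {}  # lower-cased path -> pid that wrote it
    findings: List[Tuple[str, int, str]] = []
    for ev in events:
        if ev["id"] == 11:
            dropped[ev["target"].lower()] = ev["pid"]
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            findings.append(("Executes dropped EXE", ev["pid"], ev["image"]))
        elif ev["id"] == 13 and RUN_KEY_RE.match(ev["target"]):
            findings.append(("Adds Run key to start application", ev["pid"], ev["details"]))
    return findings


if __name__ == "__main__":
    for sig, pid, detail in detect(EVENTS):
        print(f"[{sig}] pid={pid} {detail}")
```

The Run-key finding carries the value data, so an analyst sees at once that the persisted path is the same dropped executable flagged by the first rule; chaining the two on the same PID is what turns two weak signals into a credible dropper-plus-persistence story.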