redline | 534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad
Size

957KB
Sample

231101-2sqhrsfg39
MD5

7fddcf540cb9f29af3cdc44886ce0de9
SHA1

3140a08741862577e3c7b78b0b021c9f6671b437
SHA256

534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad
SHA512

ab9a6ee19688c3cbfd1a1e7a95a221050d595727a47ec87110f688570f454475e1269b765cda3e379240033a0a75afb789525aeaa898164256ea62b350e36b5d
SSDEEP

12288:WbccNo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTxfo:zc62dAK4tf+BVHHkIoRj3cQD

Score

10^/10

redline smokeloader grome kinza backdoor infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad.exe

Resource

win10v2004-20231020-en

redline smokeloader grome kinza backdoor infostealer persistence trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

- Target
  
  534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad
- Size
  
  957KB
- MD5
  
  7fddcf540cb9f29af3cdc44886ce0de9
- SHA1
  
  3140a08741862577e3c7b78b0b021c9f6671b437
- SHA256
  
  534626a8c3a30795caf0e99919909638f4b633d960c4cda0175e57f1f26510ad
- SHA512
  
  ab9a6ee19688c3cbfd1a1e7a95a221050d595727a47ec87110f688570f454475e1269b765cda3e379240033a0a75afb789525aeaa898164256ea62b350e36b5d
- SSDEEP
  
  12288:WbccNo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTxfo:zc62dAK4tf+BVHHkIoRj3cQD
Score

10^/10

redline smokeloader grome kinza backdoor infostealer persistence trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesmokeloadergromekinzabackdoorinfostealerpersistencetrojan

© 2018-2024

Terms | Privacy