General
Target: f76fdaab02051094bc8502dd99759a7282a86da6cc90c8cd42d1650d0316a83a
Size: 1.4MB
Sample: 231101-3cbkcaga27
MD5: e8335498511b56b964ecd4a5c73850e3
SHA1: 3d8c478b4a5c21736a91d9470fb98477607583d6
SHA256: f76fdaab02051094bc8502dd99759a7282a86da6cc90c8cd42d1650d0316a83a
SHA512: a88c7391f64a6aaf6248e5a35895d25e1541c486ecd7193f5ccee4f5ecf52f7af5743c94083ef9d767002725b35338d84cac94fe2b7ffdda2600b4d114f46490
SSDEEP: 24576:oySV+WJf3QuJD5WrszKwd262NBd70dsBFC73DK/pE9Si6yPdyU2oMS2Pf:viVJf3BJDQrszNKBZ0dsBFCNSiX6S2
Static task: static1
Behavioral task: behavioral1
Sample: f76fdaab02051094bc8502dd99759a7282a86da6cc90c8cd42d1650d0316a83a.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted: smokeloader, version 2022, C2 http://77.91.68.29/fks/
Extracted: redline, botnet grome, C2 77.91.124.86:19084
Extracted: redline, botnet kinza, C2 77.91.124.86:19084
Targets
Target: f76fdaab02051094bc8502dd99759a7282a86da6cc90c8cd42d1650d0316a83a (1.4MB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)