General
-
Target
b743d5ff6de9ac3045a1c215e1153746479cddb1ff9dc2b404293cd5dbe09a23
-
Size
1.4MB
-
Sample
231101-3f1nmsec51
-
MD5
eba59032ceca3ff5b80c19d6f70adaa7
-
SHA1
bbd200387ef27b26ddd0e6f01d48d7f8317a1aac
-
SHA256
b743d5ff6de9ac3045a1c215e1153746479cddb1ff9dc2b404293cd5dbe09a23
-
SHA512
e7a0de826e01b8bae960cc8178e610e36e4ad4304d9152522525af52554faa561a17e0d4915bfc1fa862d3be51d903f334ede523eb5ea25c2132341f48f77335
-
SSDEEP
24576:Uypza2xJjSu/7MMi23bvBSqwO2OYpfKolj3YuvHfFbuiUAiqVUSnFci:jpT9n/wMi8NSAZSPouvfFbuiUgV1c
Static task
static1
Behavioral task
behavioral1
Sample
b743d5ff6de9ac3045a1c215e1153746479cddb1ff9dc2b404293cd5dbe09a23.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Extracted
redline
kinza
77.91.124.86:19084
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)