General
- Target: a2dd865e34a468b4967dbf31339629e1990e29fd0b2427d87f33001797d7a5fb
- Size: 957KB
- Sample: 231101-3tq2csed51
- MD5: 97e82ff2bb4f600d8b4c4dba2a3fa3c0
- SHA1: 8e5e57d3c85d0a05b6ac252f11859994c4222002
- SHA256: a2dd865e34a468b4967dbf31339629e1990e29fd0b2427d87f33001797d7a5fb
- SHA512: aaad011224eca4e34c4b2b1b6505c60c26dbd3cc441541135beeaa77e899acfae03ee491c4e183c637b21df48ea0abaa935955dc492c23c5e5a4f476545322ad
- SSDEEP: 12288:kbc03o2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdT14:x042dAK4tf+BVHHkIoRj3cQD
- Static task: static1
- Behavioral task: behavioral1
- Sample: a2dd865e34a468b4967dbf31339629e1990e29fd0b2427d87f33001797d7a5fb.exe
- Resource: win10v2004-20231023-en
Malware Config
- Extracted: smokeloader, 2022, http://77.91.68.29/fks/
- Extracted: redline, grome, 77.91.124.86:19084
- Extracted: redline, kinza, 77.91.124.86:19084
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext