General
-
Target
NEAS.16443e8d20f14674fe9a4f083ae731f0.exe
-
Size
1.0MB
-
Sample
231101-q7gnmahh81
-
MD5
16443e8d20f14674fe9a4f083ae731f0
-
SHA1
6b52211ae1e07640db5fb1db96fcda201b384633
-
SHA256
cce41e3bcbdf998e7f605a097628d7ea83191f0c9bb614cf4263d5a6f9baf743
-
SHA512
b66239364fba20a1153c132557f80d201ada356f2921005c62901813451e0fe22d520727db60facdaa794616210bd91951e5492b80db467cdb2fc2b62fafe0f2
-
SSDEEP
24576:gyOz1BSVE4L3QZJsXQokQaBkKCi92nnMbiqKk2TmhP:n4PSq4L3QrokQaBLC9+qa
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Targets
-
-
Target
NEAS.16443e8d20f14674fe9a4f083ae731f0.exe
-
Size
1.0MB
-
MD5
16443e8d20f14674fe9a4f083ae731f0
-
SHA1
6b52211ae1e07640db5fb1db96fcda201b384633
-
SHA256
cce41e3bcbdf998e7f605a097628d7ea83191f0c9bb614cf4263d5a6f9baf743
-
SHA512
b66239364fba20a1153c132557f80d201ada356f2921005c62901813451e0fe22d520727db60facdaa794616210bd91951e5492b80db467cdb2fc2b62fafe0f2
-
SSDEEP
24576:gyOz1BSVE4L3QZJsXQokQaBkKCi92nnMbiqKk2TmhP:n4PSq4L3QrokQaBLC9+qa
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1