General

Target: NEAS.6495d2ca3dd6a4b99c2eea97263d8d90.exe
Size: 1.0MB
Sample: 231101-rg1t9aec72
MD5: 6495d2ca3dd6a4b99c2eea97263d8d90
SHA1: 392229589db4bd1c21cca7f2f6ff55804cd4b00e
SHA256: 708ed8e6c65b5c9069f630b7e7f78c01a6ae97ef961f045fce91480f2d4f6c2f
SHA512: e5dbcb771c7aa536f960c571a8a10c3cb4ad19c56d34449faa6ad7c3763658fe6c8569333cb24ab9e3e906ec96099267de982d7847959fdd045dd24f1c1d109a
SSDEEP: 24576:Jy+GZhQfo8aJ7DQbOdrvxXbBYl3rdDF6pxstjxxJz+BLe4pe:8+GvQPbODLqlJWoz+BiK
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.6495d2ca3dd6a4b99c2eea97263d8d90.exe
Resource: win10v2004-20231020-en
Malware Config

Extracted
Family: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/

Extracted
Family: redline
Botnet: grome
C2: 77.91.124.86:19084
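The two extracted configs above give one C2 URL (SmokeLoader) and one bare host:port (RedLine), which is exactly the kind of data a responder wants to sweep proxy and connection logs for. The script below is an added example and is not part of the Triage report: it turns the report's C2 values and sample hashes into a small matcher that normalises URLs and ip:port pairs to (host, port), reports host-only hits separately from exact hits so a C2 host reused on a different port is not dropped, and checks a file's digests against the report. The log lines are constructed for the demonstration and do not come from the sandbox run.

```python
"""IOC helper built from the extracted smokeloader/redline configs and the
sample hashes in this report. Added example; not part of the Triage report."""
import hashlib
import re
from urllib.parse import urlparse

# Hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "6495d2ca3dd6a4b99c2eea97263d8d90",
    "sha1": "392229589db4bd1c21cca7f2f6ff55804cd4b00e",
    "sha256": "708ed8e6c65b5c9069f630b7e7f78c01a6ae97ef961f045fce91480f2d4f6c2f",
    "sha512": "e5dbcb771c7aa536f960c571a8a10c3cb4ad19c56d34449faa6ad7c3763658fe6c8569333cb24ab9e3e906ec96099267de982d7847959fdd045dd24f1c1d109a",
}

# C2 values copied from the Malware Config section.
C2_INDICATORS = {
    "smokeloader": ["http://77.91.68.29/fks/"],
    "redline": ["77.91.124.86:19084"],
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPPORT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?\b")


def _default_port(scheme):
    return 443 if scheme == "https" else 80


def indicators():
    """Yield (family, host, port) from the extracted configs.

    SmokeLoader's C2 is a full URL (port implied by the scheme);
    RedLine's is a bare host:port pair."""
    for family, iocs in C2_INDICATORS.items():
        for ioc in iocs:
            if "://" in ioc:
                u = urlparse(ioc)
                yield family, u.hostname, u.port or _default_port(u.scheme)
            else:
                host, _, port = ioc.partition(":")
                yield family, host, int(port) if port else None


def observed(line):
    """Extract (host, port) pairs from a log line: URLs and bare ip[:port]."""
    seen = set()
    for m in URL_RE.finditer(line):
        u = urlparse(m.group(0))
        seen.add((u.hostname, u.port or _default_port(u.scheme)))
    for host, port in IPPORT_RE.findall(line):
        seen.add((host, int(port) if port else None))
    return seen


def scan_line(line):
    """Map family -> "exact" | "host-only" for C2 indicators seen in a line.

    Host-only hits (same C2 host, different port) are reported separately
    so a reused host is not silently dropped."""
    hits = {}
    for family, ihost, iport in indicators():
        for host, port in observed(line):
            if host != ihost:
                continue
            exact = port is None or iport is None or port == iport
            level = "exact" if exact else "host-only"
            if hits.get(family) != "exact":
                hits[family] = level
    return hits


def scan_log(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := scan_line(line))]


def digests(data):
    """Compute the report's four digests over in-memory bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(found):
    """True when every algorithm present in both dicts agrees with the report."""
    common = set(found) & set(SAMPLE_HASHES)
    return bool(common) and all(found[k] == SAMPLE_HASHES[k] for k in common)


# Constructed log lines for demonstration; not from the sandbox run.
SAMPLE_LOG = [
    "2023-11-01T15:02:11Z proxy 10.0.0.5 GET http://77.91.68.29/fks/ 200",
    "2023-11-01T15:02:19Z conn 10.0.0.5 -> 77.91.124.86:19084 tcp established",
    "2023-11-01T15:03:02Z conn 10.0.0.7 -> 93.184.216.34:443 tcp established",
    "2023-11-01T15:04:40Z conn 10.0.0.9 -> 77.91.124.86:443 tcp established",
]

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {hits}")
    print("report hashes self-check:", matches_sample(SAMPLE_HASHES))
```

Run as-is it flags lines 1, 2 and 4 of the constructed log; line 4 comes back as a host-only hit because the RedLine host is contacted on 443 rather than 19084. To check a file on disk, read it and pass the bytes to digests(), then matches_sample() on the result.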
Targets

Target: NEAS.6495d2ca3dd6a4b99c2eea97263d8d90.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext (a thread-context rewrite is the usual way injected code in a suspended process is handed execution)
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)