General
-
Target
NEAS.bca4b9dce7765d67899605b446468ac0.exe
-
Size
1.0MB
-
Sample
231101-rml82sfc5s
-
MD5
bca4b9dce7765d67899605b446468ac0
-
SHA1
bc052a2f4790b6e20b83b435b77bf8d87e585d7e
-
SHA256
3b78add747f63fb7508b1e2a2e225a1afdfe1e4044a36e077654078a44930e2a
-
SHA512
1e2b1a28e2dc136de01ee6f9e11a2359b74510be352ce18801515153a5a196778064decfb9cfbc117e8074ffed812cd5746aa4cb1b0f81b1cd3f5696c829fe77
-
SSDEEP
24576:EyiNkP5NVBKizXjPybaqxWmMW6dADInf4hszNw1cd:T5BnBgXiNOInf4SzSm
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.bca4b9dce7765d67899605b446468ac0.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Extracted
redline
kinza
77.91.124.86:19084
Targets
-
-
Target
NEAS.bca4b9dce7765d67899605b446468ac0.exe
-
Size
1.0MB
-
MD5
bca4b9dce7765d67899605b446468ac0
-
SHA1
bc052a2f4790b6e20b83b435b77bf8d87e585d7e
-
SHA256
3b78add747f63fb7508b1e2a2e225a1afdfe1e4044a36e077654078a44930e2a
-
SHA512
1e2b1a28e2dc136de01ee6f9e11a2359b74510be352ce18801515153a5a196778064decfb9cfbc117e8074ffed812cd5746aa4cb1b0f81b1cd3f5696c829fe77
-
SSDEEP
24576:EyiNkP5NVBKizXjPybaqxWmMW6dADInf4hszNw1cd:T5BnBgXiNOInf4SzSm
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1