General
-
Target
NEAS.bc876471815d8bdc6a379903afed56c0.exe
-
Size
649KB
-
Sample
231101-rmlyaafc41
-
MD5
bc876471815d8bdc6a379903afed56c0
-
SHA1
a9bdedea71750d862871c702f08f0510d90c6c8d
-
SHA256
2c5857a76b2b8b5bb53c459bf1a78d25c5849c52aee7e06b6955b0579732beb0
-
SHA512
802a09e082b13fec3b0128ad57e5958a5175414d45132d00b8070e8cbaf716e77da7be8004ba5fed76e16f009b47b0e6c7fd31562ccf7ccf2f04308315c07a96
-
SSDEEP
12288:6MrAy90WFX1xppr4xr/n3izfbQBBFLSZsF6D9qEr09/Io1EIECie3Md:eytXGD3ibsb71EIECie3Md
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.bc876471815d8bdc6a379903afed56c0.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Extracted
redline
kinza
77.91.124.86:19084
Targets
-
-
Target
NEAS.bc876471815d8bdc6a379903afed56c0.exe
-
Size
649KB
-
MD5
bc876471815d8bdc6a379903afed56c0
-
SHA1
a9bdedea71750d862871c702f08f0510d90c6c8d
-
SHA256
2c5857a76b2b8b5bb53c459bf1a78d25c5849c52aee7e06b6955b0579732beb0
-
SHA512
802a09e082b13fec3b0128ad57e5958a5175414d45132d00b8070e8cbaf716e77da7be8004ba5fed76e16f009b47b0e6c7fd31562ccf7ccf2f04308315c07a96
-
SSDEEP
12288:6MrAy90WFX1xppr4xr/n3izfbQBBFLSZsF6D9qEr09/Io1EIECie3Md:eytXGD3ibsb71EIECie3Md
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1