General
- Target: ccb2847bd73c1ce9cb230ec372c62e356af896a1f4489b0f667e957108428f48
- Size: 1.5MB
- Sample: 231101-tve6taad6t
- MD5: 73745ab73fcf8d7dc185b33bb2f4d6da
- SHA1: 04d9af12dfa98211187ff02e15b2464bfaf8c70c
- SHA256: 51fd3fd7032b5e14cc9c745f97134ee908ef6e8bc09c1c8c210ba9316ccc1786
- SHA512: b83a071ddfa3b6a422c30e0d03f0f831289e06e5f7c0495d161bbe060613cf00275119401d7f027d740f5168ebd7d3c73a230d6488a574d56c8dce803faf5519
- SSDEEP: 24576:WPPyEahJkk4ZoxhVKSLnXY8uvIeMDxCNxl62NvJaSrN9OB8TGCP:YaET7ZoxhV/luWDxCNFNBN928j
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: ccb2847bd73c1ce9cb230ec372c62e356af896a1f4489b0f667e957108428f48.exe
- Resource: win10v2004-20231023-en
Malware Config
- Extracted: smokeloader, 2022, http://77.91.68.29/fks/
- Extracted: redline, grome, 77.91.124.86:19084
- Extracted: amadey, 3.89, http://77.91.124.1/theme/index.php
  - install_dir: fefffe8cea
  - install_file: explothe.exe
  - strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets
- Target: ccb2847bd73c1ce9cb230ec372c62e356af896a1f4489b0f667e957108428f48
- Size: 1.5MB
- MD5: 6c853dd991323b03a0ab260bd4430d9b
- SHA1: 465fca207421807b49629cb7e4727c490bd7ed12
- SHA256: ccb2847bd73c1ce9cb230ec372c62e356af896a1f4489b0f667e957108428f48
- SHA512: b27e438a7d143dddb95445363051df2218983af83ca80e423aa7ef282deda60ee38a85bc95af2004493bcd8ca1be9d1d1bbc0df8a52135cb7df0eb28017e8b42
- SSDEEP: 24576:qymMwk4c94x7VcSdnXm8uvAeZT0/VCVluqpvnQ9V+FcTog:xmD7cix7VL3uTQ/VC7pvQ9Gc
Signatures
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019, capable of loading additional plugins.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)