General
Target: 44ecd32c6fa385d1db148545bf8071bc4eb0a5459997a7d715aa4b38e3216f15
Size: 1.4MB
Sample: 231101-v7mxvsbb5z
MD5: 34177e4b50df8ed2292d5b836151ee38
SHA1: f8b67d87593a550fa9fc09ca14184a6f787b2d2f
SHA256: 44ecd32c6fa385d1db148545bf8071bc4eb0a5459997a7d715aa4b38e3216f15
SHA512: 3e8bb69a93a9f855aa1f3419c55549fc4c7c4d1178a5aa601a2a26a50c9782d8c541be4fa0bcc69debe27428c26dc98f53a0a23743a666cb8f5107ed65ca87ad
SSDEEP: 24576:iyj8Cfnysrgytyk3dHsqa1CLcIdmL/5n6/jm46sVl5Ecf/a+QFNDNf/9:JjZfysrdyo2pIds16bS2vHfi+QFJl/
Static task: static1
Behavioral task: behavioral1
Sample: 44ecd32c6fa385d1db148545bf8071bc4eb0a5459997a7d715aa4b38e3216f15.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: smokeloader, 2022, http://77.91.68.29/fks/
Extracted: redline, grome, 77.91.124.86:19084
Targets
Target: 44ecd32c6fa385d1db148545bf8071bc4eb0a5459997a7d715aa4b38e3216f15
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)