General
-
Target
77b4396a63db67e4124dbbe5b72638aa4972e3552d71e9a8f4790cde75e76a23
-
Size
1.4MB
-
Sample
231101-x5zjzscd2z
-
MD5
47ffb70914e5e0da3581d7d59363469a
-
SHA1
a1f539bce4c5b75ff195993ce17a338a984a783a
-
SHA256
77b4396a63db67e4124dbbe5b72638aa4972e3552d71e9a8f4790cde75e76a23
-
SHA512
0101058ca19728bf7cff1ada4456170f3088c46dfdb6c2b198d95bc531fcb66096106aebf0e22baa2f741b101df35d2ead9fdb451533a243b71bb219d47977f7
-
SSDEEP
24576:TyoZ2ElzQr9PtJCrxOMZ6renGTOcMIAJApadCE73XKW6wvI6JtJM3oKM78eaE:m02kQhPLCrgMGeGof7nt6wvjM/Mf
Static task
static1
Behavioral task
behavioral1
Sample
77b4396a63db67e4124dbbe5b72638aa4972e3552d71e9a8f4790cde75e76a23.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Targets
-
-
Target
77b4396a63db67e4124dbbe5b72638aa4972e3552d71e9a8f4790cde75e76a23
-
Size
1.4MB
-
MD5
47ffb70914e5e0da3581d7d59363469a
-
SHA1
a1f539bce4c5b75ff195993ce17a338a984a783a
-
SHA256
77b4396a63db67e4124dbbe5b72638aa4972e3552d71e9a8f4790cde75e76a23
-
SHA512
0101058ca19728bf7cff1ada4456170f3088c46dfdb6c2b198d95bc531fcb66096106aebf0e22baa2f741b101df35d2ead9fdb451533a243b71bb219d47977f7
-
SSDEEP
24576:TyoZ2ElzQr9PtJCrxOMZ6renGTOcMIAJApadCE73XKW6wvI6JtJM3oKM78eaE:m02kQhPLCrgMGeGof7nt6wvjM/Mf
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1