General
- Target: bb251c4ace67ff7cec57c121b69776009ad72aef54a1dd35957a1aab5c81bbaa
- Size: 1.4MB
- Sample: 231101-yvcg5scg21
- MD5: 80ba0a0a5c14668b1485d553d5daba7c
- SHA1: 01d27ecb47b0473c89c3cb2cd3271521e3d1ebda
- SHA256: bb251c4ace67ff7cec57c121b69776009ad72aef54a1dd35957a1aab5c81bbaa
- SHA512: ab5b6826c8dfa3afb5298459f552ec6e40790c8ef8f8b09ccdec40da24232d69b5d580e5213dfa9b737f610fa05c626d9bf6b1cab5b29b5305f41dea7c987c1e
- SSDEEP: 24576:KycTAvJBoOu0suK0uq9cLMAgAnezKNG4XzjHBXhHlmzreGSWe3tjs84uc4Fd0D:RcTAvP/uPupurICnrlXzjHTEeGS53xs8
Static task: static1
Behavioral task: behavioral1
- Sample: bb251c4ace67ff7cec57c121b69776009ad72aef54a1dd35957a1aab5c81bbaa.exe
- Resource: win10v2004-20231020-en
Malware Config
- Extracted: smokeloader (version 2022), C2 http://77.91.68.29/fks/
- Extracted: redline (botnet "grome"), C2 77.91.124.86:19084
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)