General
Target: 8455fd179bd56310774f833b7227d2621ee82550897a415d4f04317644539776
Size: 1.5MB
Sample: 231101-yzywyaee28
MD5: 981045f0ff19b6d48f6307f110124f59
SHA1: bdf48e8906a82420d3637bd8ba555ff813d0dbc6
SHA256: aaf9e5e982855231125320fb13be37e5e03d0666ed6660b7e058307e48d5209a
SHA512: 9905cc3a3487c445d70a78a832104880d499f9adec96702225b6c9e17abe317ea8a71d16af8956055ef2a4434976bdacddd75f26388c6c2889f8d84d5f9be0e7
SSDEEP: 24576:iafyaVAlDcm94xD1EQRCkg2VzhyEhu/mgYYG+2KoXdGxTEEStROSiKPFc5irhePG:i5Zc6+DdRCeVtLcYYGHAxTEtt1PFcU0G

Static task: static1
Behavioral task: behavioral1
Sample: 8455fd179bd56310774f833b7227d2621ee82550897a415d4f04317644539776.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Extracted
amadey
3.89
http://77.91.124.1/theme/index.php
install_dir: fefffe8cea
install_file: explothe.exe
strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets
Target: 8455fd179bd56310774f833b7227d2621ee82550897a415d4f04317644539776
Size: 1.5MB
MD5: 1e410234ff654c81de74d808ea511992
SHA1: e354b71e27cc4a46128821262a3d36286a25c7b2
SHA256: 8455fd179bd56310774f833b7227d2621ee82550897a415d4f04317644539776
SHA512: faf45291a8e5bc432fa39cd3aaacc70f3cc3b71f94881c287b91725124f9d6c9a629429aadf334eb240a7bc00e90c41adebb4f3802fcb846fe000f4284e786fd
SSDEEP: 24576:nyJB++l3g6xDREQ5CMggp7bJ8ru3mgKucMsB7dmlTbC9RPPFcDvOirpkPy:y1gsDp5CApnhKucvRklTe99PFcDvzm
- DcRat
  DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1