General

Target: 25af15773a8bb1e526700551d0cb89976b3d103e1164f7b2a17e8ae9e553c188
Size: 957KB
Sample: 231101-z1pkbsdb9t
MD5: 8697bf0a75b558372d40f4ec62c1fd34
SHA1: 8558f1b9035fb6710a75bf379f2a0accb6d79f05
SHA256: 25af15773a8bb1e526700551d0cb89976b3d103e1164f7b2a17e8ae9e553c188
SHA512: 9552881cb83b62fa5a19b5aa824da7da251205cc9e1e3bde074ce4aabc028db92e9f974dfbecb72a5817c2eb547f2e21dbd2dba60248caaeb3d000e3cb57434c
SSDEEP: 12288:6bcfxo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTTk:Hfu2dAK4tf+BVHHkIoRj3cQD
Static task: static1
Behavioral task: behavioral1
Sample: 25af15773a8bb1e526700551d0cb89976b3d103e1164f7b2a17e8ae9e553c188.exe
Resource: win10-20231020-en
Malware Config

Extracted: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/

Extracted: redline
  Botnet: grome
  C2: 77.91.124.86:19084
Targets

Target: 25af15773a8bb1e526700551d0cb89976b3d103e1164f7b2a17e8ae9e553c188
Signatures

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check before the payload runs.
Executes dropped EXE
Adds Run key to start application
  Persistence through a value under the CurrentVersion\Run key, so the dropped executable is started at logon.
Suspicious use of SetThreadContext
  Typically seen when a payload is written into a suspended child process and its entry point redirected (process hollowing); treat it as an injection indicator rather than proof on its own.
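As an added triage example (not part of the sandbox report and not the malware's code), the script below turns the indicators on this page into checks an analyst can run: it compares file digests against the listed MD5/SHA1/SHA256, flags outbound connections to the two extracted C2 endpoints, and maps registry events onto two of the signatures above. The connection log lines and their key=value format are constructed for the example; the Geo\Nation registry path is this example's assumption about what "looks up country code configured in the registry" refers to, while the Run key path is the standard one.

```python
import hashlib
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Indicators copied from the report above (file hashes and the two extracted C2s).
FILE_HASHES = {
    "md5": "8697bf0a75b558372d40f4ec62c1fd34",
    "sha1": "8558f1b9035fb6710a75bf379f2a0accb6d79f05",
    "sha256": "25af15773a8bb1e526700551d0cb89976b3d103e1164f7b2a17e8ae9e553c188",
}
C2_URLS = {"smokeloader": ["http://77.91.68.29/fks/"]}
C2_SOCKETS = {"redline": [("77.91.124.86", 19084)]}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the three digests the report lists for an in-memory file image."""
    return {name: hashlib.new(name, data).hexdigest() for name in FILE_HASHES}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Return the names of the report hashes that match; any one match identifies the sample."""
    return [name for name, value in FILE_HASHES.items()
            if digests.get(name, "").lower() == value]


def c2_endpoints() -> Dict[Tuple[str, int], str]:
    """Flatten both configs into {(ip, port): family}; HTTP C2 URLs default to port 80."""
    endpoints: Dict[Tuple[str, int], str] = {}
    for family, urls in C2_URLS.items():
        for url in urls:
            parsed = urlparse(url)
            port = parsed.port or (443 if parsed.scheme == "https" else 80)
            endpoints[(parsed.hostname, port)] = family
    for family, socks in C2_SOCKETS.items():
        for ip, port in socks:
            endpoints[(ip, port)] = family
    return endpoints


# Constructed, hypothetical connection log (not from the sandbox run): one line per
# outbound TCP connect, in a simple key=value format assumed for this example.
CONSTRUCTED_LOG = """\
2023-11-01T10:22:31Z pid=4120 image=C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe dst=77.91.124.86:19084
2023-11-01T10:22:35Z pid=3316 image=C:\\Windows\\explorer.exe dst=77.91.68.29:80
2023-11-01T10:22:40Z pid=2208 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=142.250.74.46:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) dst=(?P<ip>[\d.]+):(?P<port>\d+)$"
)


def scan_connection_log(text: str) -> List[Dict[str, object]]:
    """Flag every connection whose destination is one of the extracted C2 endpoints."""
    endpoints = c2_endpoints()
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (m["ip"], int(m["port"]))
        if key in endpoints:
            hits.append({"ts": m["ts"], "pid": int(m["pid"]), "image": m["image"],
                         "dst": f"{key[0]}:{key[1]}", "family": endpoints[key]})
    return hits


# Registry paths behind two of the signatures above. The Run key path is standard;
# the Geo\Nation path is this example's assumption about which value the
# "checks computer location settings" signature keys on.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
GEO_NATION_KEY = r"\control panel\international\geo\nation"


def classify_registry_event(path: str, op: str) -> str:
    """Map a registry event (full key path, op 'set' or 'query') onto a report signature."""
    p = path.lower().replace("/", "\\")
    if op == "set" and RUN_KEY in p:
        return "Adds Run key to start application"
    if op == "query" and GEO_NATION_KEY in p:
        return "Checks computer location settings"
    return "no match"


if __name__ == "__main__":
    for hit in scan_connection_log(CONSTRUCTED_LOG):
        print(hit)
```

Hash matching is only useful for this exact build; the SSDEEP value on the page is what to use when hunting for repacked variants, and the C2 endpoints are the more durable pivot across samples from the same campaign.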