General
Target: ec0fc9718645dacd13165485d80d162f2f6bcb8fc4f47e09cc77675723986387
Size: 957KB
Sample: 231101-z9tweafa72
MD5: 2240c31119ec09302c45e1be9ba4af18
SHA1: a4e7b80ea5344935978b7e502d66fac5ed9ba6b1
SHA256: ec0fc9718645dacd13165485d80d162f2f6bcb8fc4f47e09cc77675723986387
SHA512: 0879a3a7e51513cdd467e1099118139c92f7ad437ef2a88ddc77e568bab8330a1fb1d22921e93aa7840c15ac24de607b5202f907f64dacf98abb05e9994002c5
SSDEEP: 12288:wbcBBo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTw7TnPU:9B+2dAK4tf+BVHHkIoRj3cQD
Static task: static1
Behavioral task: behavioral1
Sample: ec0fc9718645dacd13165485d80d162f2f6bcb8fc4f47e09cc77675723986387.exe
Resource: win10-20231020-en
Malware Config
Extracted: smokeloader (2022) - http://77.91.68.29/fks/
Extracted: redline (grome) - 77.91.124.86:19084
Targets
Target: ec0fc9718645dacd13165485d80d162f2f6bcb8fc4f47e09cc77675723986387
Size: 957KB
MD5: 2240c31119ec09302c45e1be9ba4af18
SHA1: a4e7b80ea5344935978b7e502d66fac5ed9ba6b1
SHA256: ec0fc9718645dacd13165485d80d162f2f6bcb8fc4f47e09cc77675723986387
SHA512: 0879a3a7e51513cdd467e1099118139c92f7ad437ef2a88ddc77e568bab8330a1fb1d22921e93aa7840c15ac24de607b5202f907f64dacf98abb05e9994002c5
SSDEEP: 12288:wbcBBo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTw7TnPU:9B+2dAK4tf+BVHHkIoRj3cQD
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext