General
-
Target
d70c78709aed556d398e6144a7c8b607cc4b80c955a50fa60aa29fb21c3614be
-
Size
957KB
-
Sample
231101-zlz3hsda9s
-
MD5
cbe32f1fcf5a77fe198bccdce3067827
-
SHA1
9f542ad5bc75e53bce25a79281a9ae9986f1cb95
-
SHA256
d70c78709aed556d398e6144a7c8b607cc4b80c955a50fa60aa29fb21c3614be
-
SHA512
069af973fb48f149f6c3bc42542fe1f21133787db19b832733c5781396c0bc4d70a0253602e70b5ee8e41bce5f1bbabf102322f6dd7575cd3f1d144f4a04d1db
-
SSDEEP
12288:KbcUfo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTEkV:XUw2dAK4tf+BVHHkIoRj3cQD
Static task
static1
Behavioral task
behavioral1
Sample
d70c78709aed556d398e6144a7c8b607cc4b80c955a50fa60aa29fb21c3614be.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Targets
-
-
Target
d70c78709aed556d398e6144a7c8b607cc4b80c955a50fa60aa29fb21c3614be
-
Size
957KB
-
MD5
cbe32f1fcf5a77fe198bccdce3067827
-
SHA1
9f542ad5bc75e53bce25a79281a9ae9986f1cb95
-
SHA256
d70c78709aed556d398e6144a7c8b607cc4b80c955a50fa60aa29fb21c3614be
-
SHA512
069af973fb48f149f6c3bc42542fe1f21133787db19b832733c5781396c0bc4d70a0253602e70b5ee8e41bce5f1bbabf102322f6dd7575cd3f1d144f4a04d1db
-
SSDEEP
12288:KbcUfo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTEkV:XUw2dAK4tf+BVHHkIoRj3cQD
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-