redline | a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067
Size

957KB
Sample

231101-zq3zzaeg95
MD5

52429986b90dfa17cf78e9ae8e39a3ca
SHA1

d94348ca08ae3fa2c3069004001f5000099e91f0
SHA256

a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067
SHA512

1523fa85e542f027bdc8d1021c5e5760d420c5fb8c80dae64e4761e5f461852b491600d901dae992b13470671555c8695017ef7658270d84f5fb4ead30b0fcf1
SSDEEP

12288:PbcgTo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdToWkz+:ogE2dAK4tf+BVHHkIoRj3cQD4

Score

10^/10

redline smokeloader grome kinza backdoor infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067.exe

Resource

win10v2004-20231023-en

redline smokeloader grome kinza backdoor infostealer persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

- Target
  
  a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067
- Size
  
  957KB
- MD5
  
  52429986b90dfa17cf78e9ae8e39a3ca
- SHA1
  
  d94348ca08ae3fa2c3069004001f5000099e91f0
- SHA256
  
  a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067
- SHA512
  
  1523fa85e542f027bdc8d1021c5e5760d420c5fb8c80dae64e4761e5f461852b491600d901dae992b13470671555c8695017ef7658270d84f5fb4ead30b0fcf1
- SSDEEP
  
  12288:PbcgTo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdToWkz+:ogE2dAK4tf+BVHHkIoRj3cQD4
Score

10^/10

redline smokeloader grome kinza backdoor infostealer persistence trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesmokeloadergromekinzabackdoorinfostealerpersistencetrojan

© 2018-2024

Terms | Privacy