redline | a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067
Size

957KB
Sample

231101-zq3zzaeg95
MD5

52429986b90dfa17cf78e9ae8e39a3ca
SHA1

d94348ca08ae3fa2c3069004001f5000099e91f0
SHA256

a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067
SHA512

1523fa85e542f027bdc8d1021c5e5760d420c5fb8c80dae64e4761e5f461852b491600d901dae992b13470671555c8695017ef7658270d84f5fb4ead30b0fcf1
SSDEEP

12288:PbcgTo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdToWkz+:ogE2dAK4tf+BVHHkIoRj3cQD4

Score

10^/10

redline smokeloader grome kinza backdoor infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067.exe

Resource

win10v2004-20231023-en

redline smokeloader grome kinza backdoor infostealer persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

- Target
  
  a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067
- Size
  
  957KB
- MD5
  
  52429986b90dfa17cf78e9ae8e39a3ca
- SHA1
  
  d94348ca08ae3fa2c3069004001f5000099e91f0
- SHA256
  
  a398510b2b1d99a9f8e2e6fb97ec28a3936d40efa1eb69974f89414a7eea7067
- SHA512
  
  1523fa85e542f027bdc8d1021c5e5760d420c5fb8c80dae64e4761e5f461852b491600d901dae992b13470671555c8695017ef7658270d84f5fb4ead30b0fcf1
- SSDEEP
  
  12288:PbcgTo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdToWkz+:ogE2dAK4tf+BVHHkIoRj3cQD4
Score

10^/10

redline smokeloader grome kinza backdoor infostealer persistence trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloadergromekinzabackdoorinfostealerpersistencetrojan

© 2018-2024

Terms | Privacy