General
Target: ec249d5d9d6ed36215c66b94c922b229167a01fc1dc37d55d70e78b2c87efc5f
Size: 957KB
Sample: 231101-zwmvyaeh55
MD5: 16ecb315f9db703a5397af14d52615d6
SHA1: 8a16699523213409e934db948f380d3b22217848
SHA256: ec249d5d9d6ed36215c66b94c922b229167a01fc1dc37d55d70e78b2c87efc5f
SHA512: afa06027ffdf7652ca1ba7b212ff28338e4cb919955db5729a584ef90915496f0a2a900f0a66289717231eac2ff42e7ef6c0fc95b6885931783b2ababaca2710
SSDEEP: 12288:Ebclpo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTYrtj2Z:RlW2dAK4tf+BVHHkIoRj3cQDoj2
Static task: static1
Behavioral task: behavioral1
Sample: ec249d5d9d6ed36215c66b94c922b229167a01fc1dc37d55d70e78b2c87efc5f.exe
Resource: win10v2004-20231025-en
Malware Config
- Extracted: smokeloader
  2022
  http://77.91.68.29/fks/
- Extracted: redline
  grome
  77.91.124.86:19084
- Extracted: redline
  kinza
  77.91.124.86:19084
Targets
Target: ec249d5d9d6ed36215c66b94c922b229167a01fc1dc37d55d70e78b2c87efc5f
Size: 957KB
MD5: 16ecb315f9db703a5397af14d52615d6
SHA1: 8a16699523213409e934db948f380d3b22217848
SHA256: ec249d5d9d6ed36215c66b94c922b229167a01fc1dc37d55d70e78b2c87efc5f
SHA512: afa06027ffdf7652ca1ba7b212ff28338e4cb919955db5729a584ef90915496f0a2a900f0a66289717231eac2ff42e7ef6c0fc95b6885931783b2ababaca2710
SSDEEP: 12288:Ebclpo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTYrtj2Z:RlW2dAK4tf+BVHHkIoRj3cQDoj2
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext