redline | 720a137120beabd397b3fa8aa65311ed95d70ccd0be69560ae11c69b3bba2070 | Triage

Submit
Reports

Overview

overview

Static

static

3

8ea01ef553...7c.exe

windows7-x64

8ea01ef553...7c.exe

windows10-2004-x64

Sharing

General

Target

8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c
Size

321KB
Sample

231101-zxx3asdb7x
MD5

41ca65a196e07f45cb48e7cca10ab7f6
SHA1

09e5f8913e937a2e5318f0c65d9220ee3b24a481
SHA256

720a137120beabd397b3fa8aa65311ed95d70ccd0be69560ae11c69b3bba2070
SHA512

15961b14799a30ac84b7706e20a3ec92a62a1d4b4bec2e67e61f3472456d432898133311aecb21dfaeab00ea6f6ba2f5372fb3ba9cc353179e6b6c25dfabb7f1
SSDEEP

6144:PvP+JjiZUf6aPLIXKxWn0/psGDM80+G75tYm1XXK5kFTTVSPLA1HM7oxuq:yiZUfCaE0J/jGt9llFTOUM7oR

Score

10^/10

redline smokeloader grome kinza backdoor paypal infostealer persistence phishing trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c.exe

Resource

win7-20231020-en

redline smokeloader grome backdoor infostealer persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c.exe

Resource

win10v2004-20231020-en

redline smokeloader grome kinza backdoor paypal infostealer persistence phishing trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

- Target
  
  8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c
- Size
  
  891KB
- MD5
  
  bd7e6c198a10fe818baca60b8556e325
- SHA1
  
  86245db002f250fe2d7dbdbceed4ef25c7fd30e4
- SHA256
  
  8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c
- SHA512
  
  c7094ac7f6b06b3506961291ed355e1f52b5cdbf01a007d449c147c8cda9e72e5684e484c4a647cdf069b03f3da8bb5cb7937110d7463ccfd01c7accf952b1c9
- SSDEEP
  
  12288:lqQP7pl7rmNwdUUEE+qgkelONXeODG9KDFRXKziu2ypyIz:B9hmNwdUUEE+B+N7S9KDFq
Score

10^/10

redline smokeloader grome backdoor infostealer persistence trojan kinza paypal phishing
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesmokeloadergromebackdoorinfostealerpersistencetrojan

behavioral2

redlinesmokeloadergromekinzabackdoorpaypalinfostealerpersistencephishingtrojan

© 2018-2024

Terms | Privacy