General
- Target: 8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c
- Size: 321KB
- Sample: 231101-zxx3asdb7x
- MD5: 41ca65a196e07f45cb48e7cca10ab7f6
- SHA1: 09e5f8913e937a2e5318f0c65d9220ee3b24a481
- SHA256: 720a137120beabd397b3fa8aa65311ed95d70ccd0be69560ae11c69b3bba2070
- SHA512: 15961b14799a30ac84b7706e20a3ec92a62a1d4b4bec2e67e61f3472456d432898133311aecb21dfaeab00ea6f6ba2f5372fb3ba9cc353179e6b6c25dfabb7f1
- SSDEEP: 6144:PvP+JjiZUf6aPLIXKxWn0/psGDM80+G75tYm1XXK5kFTTVSPLA1HM7oxuq:yiZUfCaE0J/jGt9llFTOUM7oR
Static task: static1
Behavioral task: behavioral1
  Sample: 8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c.exe
  Resource: win10v2004-20231020-en
Malware Config
Extracted: smokeloader
  2022
  http://77.91.68.29/fks/
Extracted: redline
  grome
  77.91.124.86:19084
Extracted: redline
  kinza
  77.91.124.86:19084
Targets
- Target: 8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c
- Size: 891KB
- MD5: bd7e6c198a10fe818baca60b8556e325
- SHA1: 86245db002f250fe2d7dbdbceed4ef25c7fd30e4
- SHA256: 8ea01ef553dc304b6d993e057b6e66afac6e17aba6974fcea919710ebf00f87c
- SHA512: c7094ac7f6b06b3506961291ed355e1f52b5cdbf01a007d449c147c8cda9e72e5684e484c4a647cdf069b03f3da8bb5cb7937110d7463ccfd01c7accf952b1c9
- SSDEEP: 12288:lqQP7pl7rmNwdUUEE+qgkelONXeODG9KDFRXKziu2ypyIz:B9hmNwdUUEE+B+N7S9KDFq

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext