General
- Target: 253f5322640a56f7b7cfb0002fd3c6fd269bfa7e423c42c581e4857ff91726d2
- Size: 957KB
- Sample: 231102-af3tsagc59
- MD5: fd9632f4c6e57797db9c6f2ec430dec1
- SHA1: afd333896a4830d5b8ff7a5f29b0861d761e0585
- SHA256: 253f5322640a56f7b7cfb0002fd3c6fd269bfa7e423c42c581e4857ff91726d2
- SHA512: 7352462d55c186bfacfbd4c2a78aa2e0587a6ecaf495604ebdd22c839d789f11d3b2504b2cf4588b40d3f5f185fe574f4a7ab7ff381cf8fbd45a2e67bda9241f
- SSDEEP: 12288:4ZnnLd7t+F2dAmPgklFFIe+L1XoRxz15114FRuWpELaXGL9u9cORHrv:4b7i2dAmPgklFFx1v1uuWpEY2i
Static task: static1
Behavioral task: behavioral1
- Sample: 253f5322640a56f7b7cfb0002fd3c6fd269bfa7e423c42c581e4857ff91726d2.exe
- Resource: win10v2004-20231023-en
Malware Config
- Extracted: smokeloader, 2022, http://77.91.68.29/fks/
- Extracted: redline, grome, 77.91.124.86:19084
- Extracted: redline, kinza, 77.91.124.86:19084
Targets
- Target: 253f5322640a56f7b7cfb0002fd3c6fd269bfa7e423c42c581e4857ff91726d2
- Size: 957KB
- MD5: fd9632f4c6e57797db9c6f2ec430dec1
- SHA1: afd333896a4830d5b8ff7a5f29b0861d761e0585
- SHA256: 253f5322640a56f7b7cfb0002fd3c6fd269bfa7e423c42c581e4857ff91726d2
- SHA512: 7352462d55c186bfacfbd4c2a78aa2e0587a6ecaf495604ebdd22c839d789f11d3b2504b2cf4588b40d3f5f185fe574f4a7ab7ff381cf8fbd45a2e67bda9241f
- SSDEEP: 12288:4ZnnLd7t+F2dAmPgklFFIe+L1XoRxz15114FRuWpELaXGL9u9cORHrv:4b7i2dAmPgklFFx1v1uuWpEY2i
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext