General
- Target: c2c322bbd9d0f85c368faacf7ed67bb008b8df59b454eea7434a4630730b44ce
- Size: 957KB
- Sample: 231102-anw17see9z
- MD5: 4f76ad74d8e5f900d3102da9305dca0a
- SHA1: 3a35d910edf703287a51fa43c5862624a75fbcfa
- SHA256: c2c322bbd9d0f85c368faacf7ed67bb008b8df59b454eea7434a4630730b44ce
- SHA512: 312b46565e75dbb4851435b9d3369f1d2c5ad72c63285a7eddc591241901ca8f4b9ab8485d73c828b838d33cc6a5e8d829a6c36ea3342a5d6e59245a2be92600
- SSDEEP: 12288:Rbcxko2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTH4:qxL2dAK4tf+BVHHkIoRj3cQD
Static task: static1
Behavioral task: behavioral1
- Sample: c2c322bbd9d0f85c368faacf7ed67bb008b8df59b454eea7434a4630730b44ce.exe
- Resource: win10-20231020-en
Malware Config
- Extracted: smokeloader, 2022, http://77.91.68.29/fks/
- Extracted: redline, grome, 77.91.124.86:19084
Targets
- Target: c2c322bbd9d0f85c368faacf7ed67bb008b8df59b454eea7434a4630730b44ce
  - Size: 957KB
  - MD5: 4f76ad74d8e5f900d3102da9305dca0a
  - SHA1: 3a35d910edf703287a51fa43c5862624a75fbcfa
  - SHA256: c2c322bbd9d0f85c368faacf7ed67bb008b8df59b454eea7434a4630730b44ce
  - SHA512: 312b46565e75dbb4851435b9d3369f1d2c5ad72c63285a7eddc591241901ca8f4b9ab8485d73c828b838d33cc6a5e8d829a6c36ea3342a5d6e59245a2be92600
  - SSDEEP: 12288:Rbcxko2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTH4:qxL2dAK4tf+BVHHkIoRj3cQD
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext