redline | 013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643
Size

957KB
Sample

231102-azlplsgd86
MD5

82dd9d01dbf4259b59852cdd2e3efa3e
SHA1

7b3f3fd8b49bce8dfb1656b6c5c65b295cfd4869
SHA256

013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643
SHA512

29c9bc67dc54fc3789ca90479299060a06ae004a2f9ab5b3883884fb85c111e1c477cfd171c179b6adb54959b88504faba2d4f4d68081e0ca94b67f2639a035d
SSDEEP

12288:qbMvCo2dAKlpItf+BV3Xv6lHYBPHRqPD+xoRj3cM58Gu9cA1dAr:nv12dAK4tf+BVH30YoRj3cHJA

Score

10^/10

redline smokeloader grome backdoor infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643.exe

Resource

win10v2004-20231023-en

redline smokeloader grome backdoor infostealer persistence trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Targets

- Target
  
  013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643
- Size
  
  957KB
- MD5
  
  82dd9d01dbf4259b59852cdd2e3efa3e
- SHA1
  
  7b3f3fd8b49bce8dfb1656b6c5c65b295cfd4869
- SHA256
  
  013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643
- SHA512
  
  29c9bc67dc54fc3789ca90479299060a06ae004a2f9ab5b3883884fb85c111e1c477cfd171c179b6adb54959b88504faba2d4f4d68081e0ca94b67f2639a035d
- SSDEEP
  
  12288:qbMvCo2dAKlpItf+BV3Xv6lHYBPHRqPD+xoRj3cM58Gu9cA1dAr:nv12dAK4tf+BVH30YoRj3cHJA
Score

10^/10

redline smokeloader grome backdoor infostealer persistence trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesmokeloadergromebackdoorinfostealerpersistencetrojan

© 2018-2024

Terms | Privacy