General

Target: 013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643
Size: 957KB
Sample: 231102-azlplsgd86
MD5: 82dd9d01dbf4259b59852cdd2e3efa3e
SHA1: 7b3f3fd8b49bce8dfb1656b6c5c65b295cfd4869
SHA256: 013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643
SHA512: 29c9bc67dc54fc3789ca90479299060a06ae004a2f9ab5b3883884fb85c111e1c477cfd171c179b6adb54959b88504faba2d4f4d68081e0ca94b67f2639a035d
SSDEEP: 12288:qbMvCo2dAKlpItf+BV3Xv6lHYBPHRqPD+xoRj3cM58Gu9cA1dAr:nv12dAK4tf+BVH30YoRj3cHJA

Static task: static1
Behavioral task: behavioral1
Sample: 013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643.exe
Resource: win10v2004-20231023-en

Malware Config

Extracted: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/

Extracted: redline
Botnet: grome
C2: 77.91.124.86:19084

Both C2 endpoints sit in 77.91.0.0/16. The SmokeLoader URL and the RedLine host:port pair are the network indicators to block and to hunt for in proxy and firewall logs; a bare hit on either IP on a different port is worth a look but is weaker evidence than the full URL or host:port match.
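The two extracted C2 values and the file hashes above, turned into a small matcher for local telemetry. This is an added example, not code from the sandbox or from either malware family: the hash and C2 strings are copied from this report, while the log lines and their `key=value` layout are constructed for the demonstration and follow no particular product's format.

```python
"""Indicators from this report as a matcher for local telemetry.

Added example; not code from the sandbox or from either malware family.
Hash and C2 values are copied from the report.  The log lines and their
key=value layout are constructed for the demo and do not follow any
particular product's format.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "82dd9d01dbf4259b59852cdd2e3efa3e",
    "sha1": "7b3f3fd8b49bce8dfb1656b6c5c65b295cfd4869",
    "sha256": "013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643",
    "sha512": "29c9bc67dc54fc3789ca90479299060a06ae004a2f9ab5b3883884fb85c111e1"
              "c477cfd171c179b6adb54959b88504faba2d4f4d68081e0ca94b67f2639a035d",
}
SMOKELOADER_C2_URL = "http://77.91.68.29/fks/"
REDLINE_C2 = "77.91.124.86:19084"

# Constructed log lines (not real telemetry): "<utc> <source> key=value ...".
SAMPLE_LOG = """\
2023-11-02T10:14:03Z proxy src=10.0.0.23 dst=77.91.68.29 dport=80 method=POST url=http://77.91.68.29/fks/
2023-11-02T10:14:09Z fw src=10.0.0.23 dst=77.91.124.86 dport=19084 proto=tcp action=allow
2023-11-02T10:15:00Z proxy src=10.0.0.41 dst=93.184.216.34 dport=443 method=GET url=https://www.example.com/
2023-11-02T10:16:12Z fw src=10.0.0.23 dst=77.91.124.86 dport=443 proto=tcp action=allow
""".splitlines()

KV = re.compile(r"(\w+)=(\S+)")


def hashes_of(data: bytes) -> dict:
    """Hash a byte string with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def is_reported_sample(data: bytes) -> bool:
    """True only if every reported digest matches, i.e. this is the same file."""
    return hashes_of(data) == REPORT_HASHES


def network_indicators() -> dict:
    """Derive host, host:port and URL indicators from the two extracted C2 values."""
    smoke = urlsplit(SMOKELOADER_C2_URL)
    red_host, red_port = REDLINE_C2.rsplit(":", 1)
    return {
        "hosts": {smoke.hostname, red_host},
        "url_prefixes": {SMOKELOADER_C2_URL},
        "host_ports": {(red_host, int(red_port))},
    }


def parse_line(line: str) -> dict:
    """Split '<utc> <source> k=v k=v ...' into a dict (constructed format)."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(KV.findall(rest))
    fields.update(ts=ts, source=source)
    return fields


def match_line(line: str, ind: dict = None) -> list:
    """Reasons a log line touches this report's C2 infrastructure.

    A URL or host:port match is high confidence; a bare host match is
    reported separately because the same IP may serve unrelated ports.
    """
    ind = ind or network_indicators()
    f = parse_line(line)
    reasons = []
    url = f.get("url", "")
    if any(url.startswith(p) for p in ind["url_prefixes"]):
        reasons.append("smokeloader-c2-url")
    if (f.get("dst"), int(f.get("dport", 0))) in ind["host_ports"]:
        reasons.append("redline-c2-host-port")
    if not reasons and f.get("dst") in ind["hosts"]:
        reasons.append("c2-host-only")
    return reasons


def scan(lines) -> list:
    """Every matching line as (utc, src, reasons)."""
    ind = network_indicators()
    out = []
    for line in lines:
        reasons = match_line(line, ind)
        if reasons:
            f = parse_line(line)
            out.append((f["ts"], f["src"], reasons))
    return out


def infected_hosts(lines) -> set:
    """Internal addresses that talked to any C2 endpoint."""
    return {src for _, src, _ in scan(lines)}


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print("infected:", sorted(infected_hosts(SAMPLE_LOG)))
```

Feed it a proxy or firewall export and `infected_hosts` gives the internal addresses to triage first; `is_reported_sample` confirms that a file pulled from one of those hosts is the exact artifact this report describes rather than a sibling build.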

Targets

Target: 013e3153a1a954ffdfcde3f20dcfdb39277106b91f9c347bb3c970e917166643

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

The last three are the sandbox's behavioural hits: the sample writes a second executable to disk and runs it, persists through a Run key so it is relaunched at logon (ATT&CK T1547.001), and calls SetThreadContext, an API benign software seldom needs but which process-injection techniques such as hollowing use to point a suspended process's main thread at the injected payload (T1055). The signature records the suspicious call; it does not on its own identify which process was the injection target.
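Host-side checks for two of the sandbox signatures above, "Executes dropped EXE" and "Adds Run key to start application", run over constructed Sysmon-style events. This is an added example, not code from the sandbox or from the malware: the event layout imitates Sysmon EventID 1 (ProcessCreate), 11 (FileCreate) and 13 (RegistryValueSet), and every path, PID, SID and value name in it is hypothetical. "Suspicious use of SetThreadContext" is deliberately left out: Sysmon does not record that API call, so that signature needs an EDR or API-monitor feed rather than event-log data.

```python
"""Host-side checks for two of the sandbox signatures above.

Added example; not code from the sandbox or from the malware.  The events
are constructed to resemble Sysmon records (EventID 1 ProcessCreate,
11 FileCreate, 13 RegistryValueSet); every path, PID, SID and value name
is hypothetical.  SetThreadContext is not covered because Sysmon does not
log that API call.
"""
import re

# Run and RunOnce under any hive (HKLM\SOFTWARE\..., HKU\<SID>\Software\..., Wow6432Node).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
EXECUTABLE = (".exe", ".scr", ".com")

SAMPLE = r"C:\Users\user\Desktop\sample.exe"                  # hypothetical
DROPPED = r"C:\Users\user\AppData\Local\Temp\svcupd.exe"      # hypothetical
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"        # hypothetical

EVENTS = [  # constructed, in time order
    {"EventID": 1, "ProcessId": 4120, "Image": SAMPLE,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 4120, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 1, "ProcessId": 4388, "Image": DROPPED, "ParentImage": SAMPLE},
    {"EventID": 13, "ProcessId": 4388, "Image": DROPPED,
     "TargetObject": "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\svcupd",
     "Details": DROPPED},
    # A Run-key write by a process that was not dropped: caught by the
    # Run-key rule alone, not by the drop-then-persist correlation.
    {"EventID": 13, "ProcessId": 912, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
]


def dropped_executions(events) -> list:
    """'Executes dropped EXE': a process whose image was written earlier by another process."""
    written = {}  # lower-cased path -> pid of the process that wrote it
    hits = []
    for ev in events:
        if ev["EventID"] == 11 and ev["TargetFilename"].lower().endswith(EXECUTABLE):
            written[ev["TargetFilename"].lower()] = ev["ProcessId"]
        elif ev["EventID"] == 1:
            writer = written.get(ev["Image"].lower())
            if writer is not None and writer != ev["ProcessId"]:
                hits.append({"pid": ev["ProcessId"], "image": ev["Image"], "dropped_by": writer})
    return hits


def run_key_writes(events) -> list:
    """'Adds Run key to start application': any value set under ...\\CurrentVersion\\Run[Once]\\."""
    return [
        {"pid": ev["ProcessId"], "image": ev["Image"],
         "key": ev["TargetObject"], "command": ev["Details"]}
        for ev in events
        if ev["EventID"] == 13 and RUN_KEY.search(ev["TargetObject"])
    ]


def dropped_and_persisted(events) -> list:
    """Highest-confidence finding: a dropped executable that then persists itself."""
    dropped = {h["pid"]: h for h in dropped_executions(events)}
    return [
        dict(w, dropped_by=dropped[w["pid"]]["dropped_by"])
        for w in run_key_writes(events)
        if w["pid"] in dropped
    ]


if __name__ == "__main__":
    print("dropped EXE executed:", dropped_executions(EVENTS))
    print("Run key writes:", run_key_writes(EVENTS))
    print("dropped and persisted:", dropped_and_persisted(EVENTS))
```

The correlation is the part worth keeping: Run-key writes on their own are noisy (installers do it), and a freshly written executable being launched is common during software updates, but a process that was dropped to disk by another process and then registers itself under Run is close to what this sample does. A production rule would additionally key both checks on hostname and bound the gap between the FileCreate and the ProcessCreate.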