General
Target: 44d2378d87fdaeb38651cb41e7648bc1.bin
Size: 1.5MB
Sample: 231102-b37xpafa4v
MD5: 5792fdf5fe896cc20f5ce5fa15126161
SHA1: e791a8276cf2f51c86bc9616287eeb52161e4ec2
SHA256: 2e6ae73b4a0ee4dbc55c88622ddf697e3f7b03a23391ef33607adbfaa68c77c2
SHA512: 47d80ca07b10c0680954f5c2daa722d136b4b7348df2c7a35cb67afae84b9247abcb0a70f1befae65282d8bf7cab4ab0d0b4d34cb0f06f0d961d646eb1a099f9
SSDEEP: 24576:2+BKvtwHSrVlFS1QxUtflamBmYEnSGdXT+GOqoHJXNAVRjNPZ9/rEIMmUy0moLC:WwMV+86trmLhBkqopuxPEIMmTiC

Static task: static1
Behavioral task: behavioral1
Sample: 77ff5bca9f8d6f2ae496976821f7cb70140cf5eb9652d18ed1de2a7c77737985.exe
Resource: win10v2004-20231023-en
Malware Config

Extracted: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/

Extracted: redline
Botnet: grome
C2: 77.91.124.86:19084

Extracted: amadey
Version: 3.89
C2: http://77.91.124.1/theme/index.php
install_dir: fefffe8cea
install_file: explothe.exe
strings_key: 36a96139c1118a354edf72b1080d4b2f

Extracted: redline
Botnet: plost
C2: 77.91.124.86:19084

Extracted: redline
Botnet: kedru
C2: 77.91.124.86:19084
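As an added example, not part of this sandbox report, the extracted C2 endpoints and the Amadey install_dir/install_file are turned into a small hunting script below. The proxy-log lines and host events it scans are constructed to exercise the matcher; the AppData\Local\Temp location in the sample events is an assumption, since the config only gives the directory and file names, and the log line format is likewise invented for the example.

```python
"""Hunt for the C2 and host indicators extracted in this report.

Added example, not part of the sandbox report. The indicators are copied from
the Malware Config section; the log lines and host events at the bottom are
constructed to exercise the matcher and do not come from the analysed run.
"""
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# C2 endpoints from the extracted configs.
C2_URLS = {
    "http://77.91.68.29/fks/",              # SmokeLoader (version 2022)
    "http://77.91.124.1/theme/index.php",   # Amadey (version 3.89)
}
C2_SOCKETS = {("77.91.124.86", 19084)}      # RedLine (botnets grome, plost, kedru)
# Amadey install artifacts from the extracted config.
AMADEY_INSTALL_DIR = "fefffe8cea"
AMADEY_INSTALL_FILE = "explothe.exe"


def _url_key(url):
    """Compare URLs on (host, path) only, so query strings added at runtime still hit."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


C2_URL_KEYS = {_url_key(u) for u in C2_URLS}
C2_HOSTS = {host for host, _ in C2_URL_KEYS} | {ip for ip, _ in C2_SOCKETS}

# Constructed proxy/firewall log format (assumption for the example):
# "<ts> <src_ip> -> <dst_ip>:<dst_port> <method> <url-or-dash>"
LOG_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\S+) (\S+)$")


def match_network_line(line):
    """Return a reason string if the line touches one of the report's C2s, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst_ip, dst_port, _method, url = m.groups()
    if (dst_ip, int(dst_port)) in C2_SOCKETS:
        return f"{ts} {src}: RedLine C2 socket {dst_ip}:{dst_port}"
    if url != "-" and _url_key(url) in C2_URL_KEYS:
        return f"{ts} {src}: C2 URL {url}"
    if dst_ip in C2_HOSTS:
        # Same host, but a path/port not in the config: lower confidence, still worth a look.
        return f"{ts} {src}: traffic to known C2 host {dst_ip} (port {dst_port})"
    return None


def scan_network(lines):
    return [r for r in map(match_network_line, lines) if r]


def is_amadey_path(path):
    """True if a Windows path ends in <install_dir>\\<install_file> from the Amadey config."""
    p = PureWindowsPath(path)
    return (p.name.lower() == AMADEY_INSTALL_FILE
            and p.parent.name.lower() == AMADEY_INSTALL_DIR)


def match_host_event(ev):
    """Flag process launches from the Amadey install path and Run keys pointing at it."""
    if ev["event"] == "process_create" and is_amadey_path(ev["image"]):
        return f"process from Amadey install path: {ev['image']}"
    if ev["event"] == "registry_set" and ev["key"].lower().endswith(r"\currentversion\run"):
        if is_amadey_path(ev["data"]):
            return f"Run key persistence for Amadey: {ev['key']}\\{ev['value']}"
    return None


def scan_host(events):
    return [r for r in map(match_host_event, events) if r]


# --- constructed sample data (not from the analysed run) ---
SAMPLE_LOG = [
    "2023-11-02T06:10:01Z 10.0.0.7 -> 142.250.74.78:443 CONNECT -",
    "2023-11-02T06:10:03Z 10.0.0.7 -> 77.91.68.29:80 POST http://77.91.68.29/fks/",
    "2023-11-02T06:10:05Z 10.0.0.7 -> 77.91.124.86:19084 CONNECT -",
    "2023-11-02T06:10:09Z 10.0.0.7 -> 77.91.124.1:80 POST http://77.91.124.1/theme/index.php?id=1",
    "2023-11-02T06:10:12Z 10.0.0.7 -> 77.91.124.1:8080 GET http://77.91.124.1/other.php",
    "2023-11-02T06:10:15Z 10.0.0.9 -> 1.1.1.1:53 UDP -",
]
# The Temp directory below is an assumption; the config gives only dir and file names.
SAMPLE_EVENTS = [
    {"event": "process_create", "image": r"C:\Windows\System32\svchost.exe"},
    {"event": "process_create", "image": r"C:\Users\victim\AppData\Local\Temp\fefffe8cea\explothe.exe"},
    {"event": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "explothe.exe", "data": r"C:\Users\victim\AppData\Local\Temp\fefffe8cea\explothe.exe"},
    {"event": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for hit in scan_network(SAMPLE_LOG) + scan_host(SAMPLE_EVENTS):
        print(hit)
```

The URL comparison deliberately ignores query strings and ports: Amadey and SmokeLoader beacons vary those at runtime, and matching on host plus path keeps the rule tied to what the config actually fixes. Traffic to a config host on an unlisted path or port is reported separately at lower confidence rather than dropped.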
Targets

Target: 77ff5bca9f8d6f2ae496976821f7cb70140cf5eb9652d18ed1de2a7c77737985.exe
Size: 1.5MB
MD5: 44d2378d87fdaeb38651cb41e7648bc1
SHA1: 01228c2cd256b73dea4b5e2b99877a06dd128c54
SHA256: 77ff5bca9f8d6f2ae496976821f7cb70140cf5eb9652d18ed1de2a7c77737985
SHA512: af00b93a0709597f3aef7de3fc760ab534d5862b7d21c1a90f03f753a5bf801ba3db0ed25beee086932d8d4bf8fd8c16a3487b669eba13944a34596da238c747
SSDEEP: 49152:kEVawLNp12OUFqsc6l09BQvd9NxJuLU+:pawn12lJvSBW3Jf+
Signatures

DcRat
DarkCrystal (DC) is a .NET RAT active since June 2019, capable of loading additional plugins.

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)

Privilege Escalation
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)