General
- Target: NEAS.21d7afbc833ec553ab62f34231994b10.exe
- Size: 1.6MB
- Sample: 231102-t66g5shf92
- MD5: 21d7afbc833ec553ab62f34231994b10
- SHA1: 97779dc60f32a33f33f377e49b8216c5a76e668d
- SHA256: f0be2e03ff34a76f2da973a4bf250e3f2829b63d830fb459ffe1437ade2ff8ab
- SHA512: 1a1056fb79e726c36564912cdd3976263433893152d52624edf68fce2774abaf310a76f931683f1bdbd3b87638e2a68193a3bc53c4994667b7937ff778d2dbf0
- SSDEEP: 24576:0yr2wne5XqeeC8bqgDXts5AyEx+SLUZZvKH+22ruJ/kdmhFE9UApqZxW47FU5:DZnSX+C8GqGGR0ZS12qYmr2UApo9
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.21d7afbc833ec553ab62f34231994b10.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted: smokeloader
- 2022
- http://77.91.68.29/fks/
Extracted: redline
- grome
- 77.91.124.86:19084
Extracted: amadey
- 3.89
- http://77.91.124.1/theme/index.php
- install_dir: fefffe8cea
- install_file: explothe.exe
- strings_key: 36a96139c1118a354edf72b1080d4b2f
Extracted: redline
- plost
- 77.91.124.86:19084
Extracted: redline
- kedru
- 77.91.124.86:19084
Targets
- Target: NEAS.21d7afbc833ec553ab62f34231994b10.exe
- DcRat: DarkCrystal (DC) is a new .NET RAT, active since June 2019, that is capable of loading additional plugins.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)