General
-
Target
NEAS.82d073626aa50703002cdca9de51c8f0.exe
-
Size
1.2MB
-
Sample
231105-2dpmxsdg5y
-
MD5
82d073626aa50703002cdca9de51c8f0
-
SHA1
6b538321aa78ba664daadb4ed6e607b4899f939f
-
SHA256
5375ee110bb561148cd6d4a10c61e2d98efc9554b0cf6d522ffdaa6600a310f2
-
SHA512
22d0065eec4289da2421986c0e5dd04ec24d273d0770952c1e0754ec69dfb5987acca4f238ebd75683f2ee0fecec2dbf49ddc6a65d22f68297a6899d52662770
-
SSDEEP
24576:NyKs4VssGjx9iHnCq3SnA7uhBfW/xd4GtB2AdW3BSgvFSR5Xi4:oKRUjx9xqinA7uhJW/xVtB2ACvFSR5Xi
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.82d073626aa50703002cdca9de51c8f0.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
grome
77.91.124.86:19084
Targets
-
-
Target
NEAS.82d073626aa50703002cdca9de51c8f0.exe
-
Size
1.2MB
-
MD5
82d073626aa50703002cdca9de51c8f0
-
SHA1
6b538321aa78ba664daadb4ed6e607b4899f939f
-
SHA256
5375ee110bb561148cd6d4a10c61e2d98efc9554b0cf6d522ffdaa6600a310f2
-
SHA512
22d0065eec4289da2421986c0e5dd04ec24d273d0770952c1e0754ec69dfb5987acca4f238ebd75683f2ee0fecec2dbf49ddc6a65d22f68297a6899d52662770
-
SSDEEP
24576:NyKs4VssGjx9iHnCq3SnA7uhBfW/xd4GtB2AdW3BSgvFSR5Xi4:oKRUjx9xqinA7uhJW/xVtB2ACvFSR5Xi
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1