General
- Target: NEAS.544060943faaf373e7894dd72843f280.exe
- Size: 1.3MB
- Sample: 231107-f48mtsdf63
- MD5: 544060943faaf373e7894dd72843f280
- SHA1: 03aba58152f553d40b90e3c4a1734722a75a9618
- SHA256: 30ffa2db0c7f6b5958f3684db399e46bce0a1c49a87efa70098270f7a3a07a16
- SHA512: d2ce63d41f3731de77a935191f48534d0a2cc30917597e27b1bd5e3e479b9ebda573973358da32ddfcb825603754652ac2b9027f6dc2340141071297e11caeb7
- SSDEEP: 24576:AyMl2Bi/2IANkwnlgqCuBHAO7jGrMCZmD486/Elh0U6Asl2W:Ho2eONkAlbCuBF7dExSk
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.544060943faaf373e7894dd72843f280.exe
- Resource: win10v2004-20231023-en
Malware Config
- Extracted: smokeloader
  - 2022
  - http://77.91.68.29/fks/
- Extracted: redline
  - grome
  - 77.91.124.86:19084
Targets
- Target: NEAS.544060943faaf373e7894dd72843f280.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)