redline | 6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Resubmissions

27-01-2024 07:29

240127-jbpk2ahdbl 3

11-11-2023 05:47

231111-ghd2rsbh5y 10

11-11-2023 05:36

231111-gank8scg37 10

Sharing

General

Target

6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50
Size

552KB
Sample

231111-gank8scg37
MD5

45e4a4b8d22f075c02e75fa2a05229b0
SHA1

c2f756556568e923b5a5668ec0b7c53d41e07505
SHA256

6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50
SHA512

c2d0ded8528568ddade17752ae4acde3410db0f85cc130392f5ebfe38180bd411abb48c288b5e4b57f1fe6390579d07d65c97798ba93c2362de77b49e56c561a
SSDEEP

12288:SMrhy90T0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6dQrdFCs:jyiiaaewIsgCQGIgYDrQpos

Score

10^/10

redline sectoprat smokeloader pixelnew2.0 backdoor google paypal infostealer persistence phishing rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50.exe

Resource

win10-20231023-en

redline sectoprat smokeloader pixelnew2.0 backdoor google paypal infostealer persistence phishing rat trojan

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://5.42.92.190/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

pixelnew2.0

C2

194.49.94.11:80

Targets

- Target
  
  6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50
- Size
  
  552KB
- MD5
  
  45e4a4b8d22f075c02e75fa2a05229b0
- SHA1
  
  c2f756556568e923b5a5668ec0b7c53d41e07505
- SHA256
  
  6d4e02cd38ccdc03c963e5b6673fd6dade63e0c74942cec56a7545d5b53f1f50
- SHA512
  
  c2d0ded8528568ddade17752ae4acde3410db0f85cc130392f5ebfe38180bd411abb48c288b5e4b57f1fe6390579d07d65c97798ba93c2362de77b49e56c561a
- SSDEEP
  
  12288:SMrhy90T0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6dQrdFCs:jyiiaaewIsgCQGIgYDrQpos
Score

10^/10

redline sectoprat smokeloader pixelnew2.0 backdoor google paypal infostealer persistence phishing rat trojan
- Detected google phishing page
  phishing google
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesectopratsmokeloaderpixelnew2.0backdoorgooglepaypalinfostealerpersistencephishingrattrojan

© 2018-2025

Terms | Privacy