General
-
Target
830736afc7f1332346e80048f5860b65.exe
-
Size
1.0MB
-
Sample
231111-jktlcace4t
-
MD5
830736afc7f1332346e80048f5860b65
-
SHA1
4b64e41ef4e50252339c1f9297da8fad77e76c7d
-
SHA256
a06acba515844903c5d524ea8ac8b1ea0115b1cf5c6516eabb4ecdd51934183f
-
SHA512
e2f6611357640d808b9e46dd9a8356a7b138d10dbfc2d44406f2c2a4bfb671eedbfd5ed0b3deb2ad0b04bd6fb2b4576e605b469d15fd94f3f18c14a4fb9767dd
-
SSDEEP
24576:2yimPLb2d0aeNIsSC+GehJDAkAeRH6KcmVkJN:Fi5te+l/G2dAUHkmV
Static task
static1
Behavioral task
behavioral1
Sample
830736afc7f1332346e80048f5860b65.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
smokeloader
2022
http://5.42.92.190/fks/index.php
Extracted
redline
taiga
5.42.92.51:19057
Extracted
redline
pixelnew2.0
194.49.94.11:80
Targets
-
-
Target
830736afc7f1332346e80048f5860b65.exe
-
Size
1.0MB
-
MD5
830736afc7f1332346e80048f5860b65
-
SHA1
4b64e41ef4e50252339c1f9297da8fad77e76c7d
-
SHA256
a06acba515844903c5d524ea8ac8b1ea0115b1cf5c6516eabb4ecdd51934183f
-
SHA512
e2f6611357640d808b9e46dd9a8356a7b138d10dbfc2d44406f2c2a4bfb671eedbfd5ed0b3deb2ad0b04bd6fb2b4576e605b469d15fd94f3f18c14a4fb9767dd
-
SSDEEP
24576:2yimPLb2d0aeNIsSC+GehJDAkAeRH6KcmVkJN:Fi5te+l/G2dAUHkmV
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-