General
- Target: 4409b8eea317b0a4406d70bda8ccddcf.exe
- Size: 1.0MB
- Sample: 231111-jr5l7ace9x
- MD5: 4409b8eea317b0a4406d70bda8ccddcf
- SHA1: 37c3548d03d62ed74290f30e4390ea13c25307c9
- SHA256: 981e42945b27742a2ef21acaeb4f0985ac83e484671e7bedd2dc071e0c4af62f
- SHA512: 891994d189a9f558288f192524c5f91d1087757106b7c94c808c1b43ddb02f6766e7713837bb54c1c99ab114d1a6ceece6b0cce5bdd05d474d63920991404f10
- SSDEEP: 24576:EyXp9nZfnXaebIs4C0GECIDofdJWhTOvccJL:TXp7/KeUztGA4c1Okc
Static task: static1
Behavioral task: behavioral1
- Sample: 4409b8eea317b0a4406d70bda8ccddcf.exe
- Resource: win10v2004-20231023-en
Malware Config
- Extracted: smokeloader
  - Version: 2022
  - C2: http://5.42.92.190/fks/index.php
- Extracted: redline
  - Botnet: taiga
  - C2: 5.42.92.51:19057
Targets
- Target: 4409b8eea317b0a4406d70bda8ccddcf.exe
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext