General

  • Target

    4409b8eea317b0a4406d70bda8ccddcf.exe

  • Size

    1.0MB

  • Sample

    231111-jr5l7ace9x

  • MD5

    4409b8eea317b0a4406d70bda8ccddcf

  • SHA1

    37c3548d03d62ed74290f30e4390ea13c25307c9

  • SHA256

    981e42945b27742a2ef21acaeb4f0985ac83e484671e7bedd2dc071e0c4af62f

  • SHA512

    891994d189a9f558288f192524c5f91d1087757106b7c94c808c1b43ddb02f6766e7713837bb54c1c99ab114d1a6ceece6b0cce5bdd05d474d63920991404f10

  • SSDEEP

    24576:EyXp9nZfnXaebIs4C0GECIDofdJWhTOvccJL:TXp7/KeUztGA4c1Okc

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://5.42.92.190/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057
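The two C2 entries above are the network indicators a responder would want to sweep logs for: a SmokeLoader gate URL and a RedLine host:port. The script below is an added example, not part of the sandbox report; only the two C2 strings come from the page. The proxy and flow log line formats, the timestamps and the internal addresses are constructed for illustration.

```python
"""Match the C2 indicators from the extracted configs above against log lines.

Added example for this report; it is not part of the sandbox output. Only
the two C2 entries come from the report. The proxy and flow log lines and
their formats are constructed here for illustration.
"""
import re
from urllib.parse import urlparse

# C2 entries exactly as listed in the extracted configs.
SMOKELOADER_C2 = "http://5.42.92.190/fks/index.php"
REDLINE_C2 = "5.42.92.51:19057"


def parse_c2(entry):
    """Normalise a C2 entry (URL or host:port) into host, port and path."""
    if "://" in entry:
        u = urlparse(entry)
        port = u.port or (443 if u.scheme == "https" else 80)
        return {"host": u.hostname, "port": port, "path": u.path}
    host, _, port = entry.rpartition(":")
    return {"host": host, "port": int(port), "path": None}


IOCS = {"smokeloader": parse_c2(SMOKELOADER_C2), "redline": parse_c2(REDLINE_C2)}

# Constructed line formats: "<ts> <src> <METHOD> <url>" for a web proxy and
# "<ts> <src> -> <dst_ip>:<dst_port>" for a flow record.
PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")
FLOW_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def match_line(line):
    """Return (family, reason) if the line touches a C2 from the report, else None."""
    m = PROXY_RE.match(line)
    if m:
        u = urlparse(m["url"])
        for family, ioc in IOCS.items():
            if ioc["path"] and u.hostname == ioc["host"] and u.path == ioc["path"]:
                return family, "url"        # full SmokeLoader gate URL
            if u.hostname == ioc["host"]:
                return family, "host"       # same C2 host, different path
        return None
    m = FLOW_RE.match(line)
    if m:
        for family, ioc in IOCS.items():
            if m["dst"] == ioc["host"] and int(m["dport"]) == ioc["port"]:
                return family, "ip:port"    # RedLine raw TCP C2
    return None


def scan(lines):
    """Return [(line_no, family, reason)] for every line that matched."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = match_line(line)
        if hit:
            hits.append((n, *hit))
    return hits


# Constructed sample traffic; the C2 addresses come from the report, nothing else does.
SAMPLE_LOGS = [
    "2023-11-11T10:01:02Z 10.0.0.5 GET http://5.42.92.190/fks/index.php",
    "2023-11-11T10:01:03Z 10.0.0.5 GET http://example.com/index.php",
    "2023-11-11T10:02:00Z 10.0.0.5 -> 5.42.92.51:19057",
    "2023-11-11T10:02:01Z 10.0.0.5 -> 5.42.92.51:443",
    "2023-11-11T10:03:00Z 10.0.0.5 POST http://5.42.92.190/other",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

The host-only match is deliberately weaker than the full URL match so that a SmokeLoader gate moved to a new path is still caught, while the RedLine entry is matched on the exact ip:port, since a connection to the same host on 443 is not evidence on its own. Both C2 addresses sit in 5.42.92.0/24, so a broader watch on that netblock is reasonable during an incident, with the understanding that it will also catch unrelated traffic.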

Targets

    • Target

      4409b8eea317b0a4406d70bda8ccddcf.exe

    • Size

      1.0MB

    • MD5

      4409b8eea317b0a4406d70bda8ccddcf

    • SHA1

      37c3548d03d62ed74290f30e4390ea13c25307c9

    • SHA256

      981e42945b27742a2ef21acaeb4f0985ac83e484671e7bedd2dc071e0c4af62f

    • SHA512

      891994d189a9f558288f192524c5f91d1087757106b7c94c808c1b43ddb02f6766e7713837bb54c1c99ab114d1a6ceece6b0cce5bdd05d474d63920991404f10

    • SSDEEP

      24576:EyXp9nZfnXaebIs4C0GECIDofdJWhTOvccJL:TXp7/KeUztGA4c1Okc

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is a step used by process hollowing and similar injection techniques.
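Two of the behavioural signatures above, "Executes dropped EXE" and "Adds Run key to start application", map directly onto Sysmon telemetry (FileCreate 11, ProcessCreate 1, RegistryEvent 13). The following is an added example of how to replay such events and raise the same two findings; it is not the sandbox's own signature logic. The sample file name comes from the report; every path, SID and dropped-file name in the constructed events is invented.

```python
"""Check Sysmon-style events for two behaviours this report flags:
"Executes dropped EXE" and "Adds Run key to start application".

Added example for this report; it is not the sandbox's signature logic.
The events below are constructed JSON lines (Sysmon Event IDs 1, 11, 13);
the sample name is from the report, every path and file name is invented.
"""
import json

# Registry paths that auto-start a program at logon (compared case-insensitively).
RUN_KEY_MARKERS = (
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
)

SAMPLE_EXE = "4409b8eea317b0a4406d70bda8ccddcf.exe"   # from the report


def evaluate(events):
    """Replay events in order; return [(signature, evidence)] in the order seen."""
    dropped = set()                    # full paths written by the sample or its drops
    tainted = {SAMPLE_EXE.lower()}     # image basenames that belong to the sample's tree
    findings = []
    for ev in events:
        eid = ev["EventID"]
        image = ev["Image"].lower()
        name = image.rsplit("\\", 1)[-1]
        if eid == 11 and name in tainted:
            # FileCreate by the sample (or one of its drops): remember the path.
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and image in dropped:
            # ProcessCreate whose image is a file we saw being written.
            findings.append(("Executes dropped EXE", ev["Image"]))
            tainted.add(name)
        elif eid == 13 and name in tainted and any(
            m in ev["TargetObject"].lower() for m in RUN_KEY_MARKERS
        ):
            # RegistryEvent (value set) under a Run/RunOnce key by the sample's tree.
            findings.append(("Adds Run key to start application", ev["TargetObject"]))
    return findings


# Constructed Sysmon-style events as JSON lines (raw string, so "\\" reaches json.loads).
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\user\\Desktop\\4409b8eea317b0a4406d70bda8ccddcf.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\4409b8eea317b0a4406d70bda8ccddcf.exe", "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe", "ParentImage": "C:\\Users\\user\\Desktop\\4409b8eea317b0a4406d70bda8ccddcf.exe"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2", "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
"""
EVENTS = [json.loads(line) for line in SAMPLE_EVENTS.strip().splitlines()]

if __name__ == "__main__":
    for signature, evidence in evaluate(EVENTS):
        print(f"{signature}: {evidence}")
```

Restricting both checks to the sample's process tree is what keeps the explorer.exe registry write and the unrelated notepad.exe launch from being reported. The remaining signature, "Suspicious use of SetThreadContext", has no Sysmon event of its own (ProcessAccess, Event 10, is the nearest proxy), which is why that one is left to the sandbox's API-level monitoring here.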

MITRE ATT&CK Enterprise v15

Tasks