General
  Target: NEAS.5d5380e1ec3580484f3bd5559f3104531e7cc9462b4d4c3ea02a862ca5b7c70f.exe
  Size: 692KB
  Sample: 231111-mh6dxade6w
  MD5: 713445a89751b5726a7768e0e3eb7669
  SHA1: 9cce349912a7fed44d96fe837a40f752dd1abf56
  SHA256: 5d5380e1ec3580484f3bd5559f3104531e7cc9462b4d4c3ea02a862ca5b7c70f
  SHA512: e0307fb3814000feb4f6debf755313acee37c56af32a24e918a43d23c98eee25d8ee240ec6b326bb141cf247fdea4b6e93440a9336cf54a240adbc7104f70e7e
  SSDEEP: 12288:iMrby904CelwyIaFGyz3pDd0hSUwVMXY89UC2RGAaqOp6eddr4SWjrZuVFl8:9yZlcyzJd0hzwKY4H2RGAaqOEeddr4Su
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.5d5380e1ec3580484f3bd5559f3104531e7cc9462b4d4c3ea02a862ca5b7c70f.exe
  Resource: win10v2004-20231020-en
Malware Config
  Extracted: family smokeloader, botnet 2022, C2 http://5.42.92.190/fks/index.php
  Extracted: family redline, botnet taiga, C2 5.42.92.51:19057
  Extracted: family redline, botnet pixelnew2.0, C2 194.49.94.11:80
  Extracted: family smokeloader, botnet up3
Targets
  Target: NEAS.5d5380e1ec3580484f3bd5559f3104531e7cc9462b4d4c3ea02a862ca5b7c70f.exe
  Size: 692KB
  MD5: 713445a89751b5726a7768e0e3eb7669
  SHA1: 9cce349912a7fed44d96fe837a40f752dd1abf56
  SHA256: 5d5380e1ec3580484f3bd5559f3104531e7cc9462b4d4c3ea02a862ca5b7c70f
  SHA512: e0307fb3814000feb4f6debf755313acee37c56af32a24e918a43d23c98eee25d8ee240ec6b326bb141cf247fdea4b6e93440a9336cf54a240adbc7104f70e7e
  SSDEEP: 12288:iMrby904CelwyIaFGyz3pDd0hSUwVMXY89UC2RGAaqOp6eddr4SWjrZuVFl8:9yZlcyzJd0hzwKY4H2RGAaqOEeddr4Su
  - Detect Mystic stealer payload
  - Detect ZGRat V1
  - Glupteba payload
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - SectopRAT payload
  - Downloads MZ/PE file
  - Modifies Windows Firewall
  - Stops running service(s)
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
  Persistence
    - Boot or Logon Autostart Execution (1)
        - Registry Run Keys / Startup Folder (1)
    - Create or Modify System Process (2)
        - Windows Service (2)
    - Scheduled Task/Job (1)
  Privilege Escalation
    - Boot or Logon Autostart Execution (1)
        - Registry Run Keys / Startup Folder (1)
    - Create or Modify System Process (2)
        - Windows Service (2)
    - Scheduled Task/Job (1)