General
Target: f9a9998a64b77c2e4f20c312c4a850c06b6658d78d954692cc3efa285739b549
Size: 1.4MB
Sample: 231111-wmvmmsae9s
MD5: 328bfa713d903c0151b5c46cdaea05d8
SHA1: 25952fcf58cd36baf7d2eeb364952447ac5a3650
SHA256: f9a9998a64b77c2e4f20c312c4a850c06b6658d78d954692cc3efa285739b549
SHA512: 90dd39c2f18cf6c841fad702b179a09ce4e73bf62c99246f7fb1df94025be8465b2cc31c95d51847e4225bd6ae0570a0b6e5bb6626118f6b8b49bdd810a80a1c
SSDEEP: 24576:wyz9mmouG/KTXHGxOehIsFaIGCm4DsEylJneiNmpKfmY736i7w13dNf8:3zXoukOXm8eauHGaa2Qz36aK3dN
Static task: static1
Behavioral task: behavioral1
Sample: f9a9998a64b77c2e4f20c312c4a850c06b6658d78d954692cc3efa285739b549.exe
Resource: win10-20231023-en
Malware Config
Extracted: smokeloader
Version: 2022
C2: http://5.42.92.190/fks/index.php
Extracted: redline
Botnet: taiga
C2: 5.42.92.51:19057
Extracted: smokeloader
Version: up3
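The digests and extracted C2 endpoints above are the indicators a responder would actually pivot on. The following is an added example, not part of the sandbox report: it copies the report's hashes and C2 strings into a small matcher that checks a file's digests against the sample and scans proxy-style log lines for the two C2 endpoints. The log lines and their format (timestamp, sensor, "src -> dst:port [path]") are constructed for the demo and are not captured traffic.

```python
"""Added example (not part of the Triage report): turn the report's hashes and
extracted C2 endpoints into a local matcher for files and network logs.

The digests and C2 strings below are copied from the report. The log lines at
the bottom are constructed for this demo and are not captured traffic; their
format (timestamp, sensor, "src -> dst:port [path]") is an assumption.
"""
import hashlib
import re
from urllib.parse import urlparse

# Digests of the analysed sample, as reported.
SAMPLE_HASHES = {
    "md5": "328bfa713d903c0151b5c46cdaea05d8",
    "sha1": "25952fcf58cd36baf7d2eeb364952447ac5a3650",
    "sha256": "f9a9998a64b77c2e4f20c312c4a850c06b6658d78d954692cc3efa285739b549",
    "sha512": "90dd39c2f18cf6c841fad702b179a09ce4e73bf62c99246f7fb1df94025be8465b2cc31c95d51847e4225bd6ae0570a0b6e5bb6626118f6b8b49bdd810a80a1c",
}

# C2 values exactly as the report's extracted configs list them: SmokeLoader
# gives a full URL, RedLine gives host:port.
EXTRACTED_C2 = [
    ("smokeloader", "http://5.42.92.190/fks/index.php"),
    ("redline", "5.42.92.51:19057"),
]


def hash_bytes(data):
    """Compute all four digests the report lists for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data):
    """True only if every digest agrees; a single mismatch means a different file."""
    ours = hash_bytes(data)
    return all(ours[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


def normalize_c2(raw):
    """Reduce either C2 form to (host, port, path); path is None for host:port."""
    if "://" in raw:
        u = urlparse(raw)
        port = u.port or (443 if u.scheme == "https" else 80)
        return (u.hostname, port, u.path or "/")
    host, _, port = raw.rpartition(":")
    return (host, int(port), None)


def build_index():
    """Exact (host, port) -> family, plus a host-only set for weaker matches."""
    exact = {}
    for family, raw in EXTRACTED_C2:
        host, port, _ = normalize_c2(raw)
        exact[(host, port)] = family
    hosts = {host for host, _ in exact}
    return exact, hosts


# Constructed log format: "<timestamp> <sensor> <src> -> <dst>:<port> [<path>]".
LOG_RE = re.compile(
    r"^\S+ \S+ (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<port>\d+)(?: (?P<path>\S+))?$"
)


def match_log_lines(lines):
    """Return (src, family, level) for every line that touches a listed C2.

    level is "exact" for a host:port hit and "host-only" when only the IP
    matches (e.g. a different port on the same SmokeLoader host)."""
    exact, hosts = build_index()
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        key = (m["dst"], int(m["port"]))
        if key in exact:
            hits.append((m["src"], exact[key], "exact"))
        elif m["dst"] in hosts:
            family = next(f for (h, _), f in exact.items() if h == m["dst"])
            hits.append((m["src"], family, "host-only"))
    return hits


# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "2023-11-11T12:00:01Z proxy 10.0.0.5 -> 5.42.92.190:80 /fks/index.php",
    "2023-11-11T12:00:07Z proxy 10.0.0.5 -> 5.42.92.51:19057",
    "2023-11-11T12:00:09Z proxy 10.0.0.7 -> 93.184.216.34:443 /",
    "2023-11-11T12:00:11Z proxy 10.0.0.9 -> 5.42.92.190:8080 /",
]

if __name__ == "__main__":
    for hit in match_log_lines(SAMPLE_LOG):
        print(hit)
    print("local file is the sample:", matches_sample(b"not the sample"))
```

Two practical notes. Both C2 addresses in the report sit in 5.42.92.0/24, which is why the matcher also reports host-only hits rather than insisting on the exact port. And exact digests only catch this precise file; a repacked build changes every hash, which is what the SSDEEP value above is for (comparing it needs the ssdeep library, not the standard library).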
Targets
Target: f9a9998a64b77c2e4f20c312c4a850c06b6658d78d954692cc3efa285739b549
Signatures
- Detect Mystic stealer payload
- Detect ZGRat V1
- Glupteba payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIt scripts compiled to PE executables.