General
-
Target
2f596631ac1c4a778b2e11e4313ab35d.exe
-
Size
1.4MB
-
Sample
231111-wskpmaaf4y
-
MD5
2f596631ac1c4a778b2e11e4313ab35d
-
SHA1
d9ec72e5995662ee884ad0a2b59fe221f95e9242
-
SHA256
ab4e09d828cfe24f1be095a0f811b30ef73636bcd5df389963c340a9297ba5f0
-
SHA512
1f323ad7769e8b7fc197cbd4cc22ae8a080a91ac60251e054cbe8a65084305be9520369651aa07a437b880d73b375bc85c41fb3fb52092a9e77950ef54502c66
-
SSDEEP
24576:gyi5sacwJymgVZxL9JfFeVIsn2kGXe5Dp60+A/RsYY7W+2JnWorGc:ni5NcwEmkZN/9eWEhG+d6dA/mx7J2JnZ
Static task
static1
Malware Config
Extracted
smokeloader
2022
http://5.42.92.190/fks/index.php
Extracted
redline
taiga
5.42.92.51:19057
Extracted
smokeloader
up3
Targets
-
-
Target
2f596631ac1c4a778b2e11e4313ab35d.exe
-
Size
1.4MB
-
MD5
2f596631ac1c4a778b2e11e4313ab35d
-
SHA1
d9ec72e5995662ee884ad0a2b59fe221f95e9242
-
SHA256
ab4e09d828cfe24f1be095a0f811b30ef73636bcd5df389963c340a9297ba5f0
-
SHA512
1f323ad7769e8b7fc197cbd4cc22ae8a080a91ac60251e054cbe8a65084305be9520369651aa07a437b880d73b375bc85c41fb3fb52092a9e77950ef54502c66
-
SSDEEP
24576:gyi5sacwJymgVZxL9JfFeVIsn2kGXe5Dp60+A/RsYY7W+2JnWorGc:ni5NcwEmkZN/9eWEhG+d6dA/mx7J2JnZ
-
Detect Mystic stealer payload
-
Detect ZGRat V1
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Stops running service(s)
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2