General
Target: 1b5a0fa9011641c56cc221bcfbb4a2ef.bin
Size: 145KB
Sample: 231118-bmeafahe6v
MD5: 95ecb3c9d063a62da72e583b521eb3b1
SHA1: 19266156b363dc5d9ca904006dfd85e98bfa6310
SHA256: d4b2791fce0fe6475f181d91414d2123d175e7a959bae8754ab9224f91a6d557
SHA512: 28f24f60008b3a5d9d7ba12781183f8c85c0c48e8bfb9deff81db4d54e2eb499ca05a060e460136be46c5df1c6f232b69defeeb2607960ab63be559f598af717
SSDEEP: 3072:YQeCPUSEzfYc4asKVfVrn1pcfB07A902DnyMCY+LPBE8C9xD8n5ZktnxrqCa58C:q1lsuVrn1oB8oyMCD5EpskttqCvC
Static task: static1
Behavioral task: behavioral1
  Sample: bbd761200738143705543689c13919065c19468a060b7cc63366ec414fcad107.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: bbd761200738143705543689c13919065c19468a060b7cc63366ec414fcad107.exe
  Resource: win10v2004-20231020-en
Malware Config
Extracted: smokeloader
  pub4
Extracted: smokeloader
  2022
  http://dpav.cc/tmp/
  http://lrproduct.ru/tmp/
  http://kggcp.com/tmp/
  http://talesofpirates.net/tmp/
  http://pirateking.online/tmp/
  http://piratia.pw/tmp/
  http://go-piratia.ru/tmp/
Extracted: redline
  13
  77.91.68.235:9486
Targets
Target: bbd761200738143705543689c13919065c19468a060b7cc63366ec414fcad107.exe
Size: 226KB
MD5: 1b5a0fa9011641c56cc221bcfbb4a2ef
SHA1: fee659c8ba5b437a487818f8fd7d2e7170c36774
SHA256: bbd761200738143705543689c13919065c19468a060b7cc63366ec414fcad107
SHA512: b3224b3b1edcf326de91c94553152d56c0969ebef53de32e18f12532a0cebe4bd7fea27994fe20aa48e07dd13d24896dc9fca005516b46ba0bdf45f6a0ed4240
SSDEEP: 3072:faRO7LTd01hfIZEpuIGwSVIfgKbVb7g5NafvlXRO7meJN1X:f7LTK/GJVIIK5b7UNsW7
Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Downloads MZ/PE file
Deletes itself
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext