General
-
Target
file.exe
-
Size
255KB
-
Sample
231118-n4kvrseh4x
-
MD5
1e19ec3c79ed9c25ae6127b88dbef6a8
-
SHA1
4c563a4dee161e349c13ac2a52b972d417be9d8f
-
SHA256
407c8e4e1a4fcba52d051e64eb52e67ad3ed5b1e1b41d41f21f7f6d32fd549f0
-
SHA512
b28e199bacaed17b26afa31eead833ee5327e6077b48cb4adc94bc8dfe074e0b2a462f314375049a3ed2db98d38f92be4d385321e17be3e5d3f2622269de58d6
-
SSDEEP
3072:x9xG5ACUDCyyIfW313kWGVRR1R5eFyI/jTRS926mMBG/p/4CY7:pHCVTkW310WOvek926YG
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
smokeloader
pub4
Extracted
smokeloader
2022
http://dpav.cc/tmp/
http://lrproduct.ru/tmp/
http://kggcp.com/tmp/
http://talesofpirates.net/tmp/
http://pirateking.online/tmp/
http://piratia.pw/tmp/
http://go-piratia.ru/tmp/
Extracted
redline
13
77.91.68.235:9486
Targets
-
-
Target
file.exe
-
Size
255KB
-
MD5
1e19ec3c79ed9c25ae6127b88dbef6a8
-
SHA1
4c563a4dee161e349c13ac2a52b972d417be9d8f
-
SHA256
407c8e4e1a4fcba52d051e64eb52e67ad3ed5b1e1b41d41f21f7f6d32fd549f0
-
SHA512
b28e199bacaed17b26afa31eead833ee5327e6077b48cb4adc94bc8dfe074e0b2a462f314375049a3ed2db98d38f92be4d385321e17be3e5d3f2622269de58d6
-
SSDEEP
3072:x9xG5ACUDCyyIfW313kWGVRR1R5eFyI/jTRS926mMBG/p/4CY7:pHCVTkW310WOvek926YG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-