General
- Target: 0x000600000002324d-46.dat
- Size: 38KB
- Sample: 231129-ttajyahg9w
- MD5: 4bc90f1f9e9962bd7f2e5136bc0b0ddb
- SHA1: dabd8318724fcb6fe91f2cbe8d1bf807e321b92d
- SHA256: e48cc9b5b9edd213a0fb10cd355342ea85550096ccadf93431041b0be486b8a4
- SHA512: d32e7779fb5a896792ec6bb0743290eac6ca801b39ce75c0e15315c028c45b5a22f4752d006d19e0b5937d0c937fcdce6cabb7fd0c857a5428ca7b3007e72625
- SSDEEP: 768:f8FhylJE+hwr5hN7F0I0bQyvUgq65DQVi:f8qlJEQwrDNuIyvD5sV
Behavioral task: behavioral1
- Sample: 0x000600000002324d-46.exe
- Resource: win7-20231023-en

Behavioral task: behavioral2
- Sample: 0x000600000002324d-46.exe
- Resource: win10v2004-20231127-en
Malware Config
- Extracted: smokeloader
  2022
  http://194.49.94.210/fks/index.php
- Extracted: redline
  @ytlogsbot
  194.169.175.235:42691
- Extracted: redline
  LiveTraffic
  195.10.205.16:2245
- Extracted: smokeloader
  up3
Targets
- Target: 0x000600000002324d-46.dat
  Size: 38KB
- Detect ZGRat V1
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
- Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)