General
- Target: 872aef68846ab8587a930d7d786a1a51.exe
- Size: 991KB
- Sample: 231218-31te3afgg8
- MD5: 872aef68846ab8587a930d7d786a1a51
- SHA1: 0c47b4c0c1142d63fffab41705b1bd2945409865
- SHA256: 44365f98d16e475a1638df59aca02415388a327b2f3738acbea8dfddec202654
- SHA512: 7cf397633886f4e577573274663d860b0e8a4e798d388b804dde250b7567e53217afe5505a35a753bdbd20b3c18bb1b0631b271c5c0ee3ba7efaedaae2b54e24
- SSDEEP: 24576:+y/J/5LDd/4k91SgWcFSfEplA4vAvG1A5Ig:N/J/tDdjqgWRsXSGeI
Static task: static1
Behavioral task: behavioral1
- Sample: 872aef68846ab8587a930d7d786a1a51.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 872aef68846ab8587a930d7d786a1a51.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: smokeloader
- 2022
- http://185.215.113.68/fks/index.php
Extracted: redline
- LiveTraffic
- 77.105.132.87:17066
Targets
- Target: 872aef68846ab8587a930d7d786a1a51.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.