General
Target: 485691be547b832c29a0d81223b756fc.exe
Size: 991KB
Sample: 231219-azssxsfhc5
MD5: 485691be547b832c29a0d81223b756fc
SHA1: 6bb38cbede7d55466cc25d4c3d33e07c4ea59e16
SHA256: 433895b81e5ef461f97327e064b25cb40284a44049e6231c0c60e6f54517138a
SHA512: 2722634c6cc654e6854d458a3b87521ba0e33addfc6cec9b2373fa98878562e1f334762c1ac0f7efc2a93e7167fe318668cb60aae8932df6983a74572de6e10b
SSDEEP: 24576:OyWpUBWQdYhk9Dy9rNZPzlzc62cVSMrgk:dOUcQd1o9rccJ
Static task: static1
Behavioral task: behavioral1 (sample 485691be547b832c29a0d81223b756fc.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 485691be547b832c29a0d81223b756fc.exe, resource win10v2004-20231215-en)
Malware Config
Extracted: smokeloader, 2022, http://185.215.113.68/fks/index.php
Extracted: redline, LiveTraffic, 77.105.132.87:17066
Extracted: smokeloader, up3
Targets
Target: 485691be547b832c29a0d81223b756fc.exe
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
  - Windows Service: 1
- Scheduled Task/Job: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
  - Windows Service: 1
- Scheduled Task/Job: 1