General
-
Target
a1449bfe93a90aa0d874d39c89752f21.bin
-
Size
38KB
-
Sample
231229-cmhtasfcd6
-
MD5
a1449bfe93a90aa0d874d39c89752f21
-
SHA1
f687364a49742c6f3236a59ed71e74dd3bf6f20d
-
SHA256
96b498423163369457a75d8749ca599c761a6cdc413bcc20fe42888e9d636435
-
SHA512
cffe616cb67baa1fd6e6aff315675ab6cf88a47603963fe50ad2c329ba25355cb3f31af4e8c13141c101cf3b3074d81b9cbfbb18539813ceb9c3178dc94c36bf
-
SSDEEP
768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
Behavioral task
behavioral1
Sample
a1449bfe93a90aa0d874d39c89752f21.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a1449bfe93a90aa0d874d39c89752f21.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
smokeloader
2022
http://185.215.113.68/fks/index.php
Extracted
redline
LiveTraffic
20.79.30.95:13856
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Extracted
stealc
http://5.42.66.58
-
url_path
/3886d2276f6914c4.php
Targets
-
-
Target
a1449bfe93a90aa0d874d39c89752f21.bin
-
Size
38KB
-
MD5
a1449bfe93a90aa0d874d39c89752f21
-
SHA1
f687364a49742c6f3236a59ed71e74dd3bf6f20d
-
SHA256
96b498423163369457a75d8749ca599c761a6cdc413bcc20fe42888e9d636435
-
SHA512
cffe616cb67baa1fd6e6aff315675ab6cf88a47603963fe50ad2c329ba25355cb3f31af4e8c13141c101cf3b3074d81b9cbfbb18539813ceb9c3178dc94c36bf
-
SSDEEP
768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
-
Detect Lumma Stealer payload V4
-
Detect ZGRat V1
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-