General
-
Target
08335bdd48a24722cad27405aa41b915.bin
-
Size
2.4MB
-
Sample
231230-bc9ctsgfg8
-
MD5
bde342adcaca67e3da96dd2603e67ee1
-
SHA1
e4e3c57e9e84b4195990b378d7a178ccfedf80a2
-
SHA256
bbfdc5394daee61c1c2652c9d29cfaa3c07658c9d682f22277b800fac6ffe27a
-
SHA512
df5cf0788a23f8302c8129541b20ff56ffdfcf28cf549740b7e8923eead95c24fa6bf57ae1b9d889ec1ce4a829405b68e7049482784bc82a08c8335edfc25678
-
SSDEEP
49152:hbBwGHkKP2OCuDk1JewX8mYCg7SKGqnyRr5RliNDMp5afbfOL:hRHkROLInewzYCg7SN5bniNDJQ
Static task
static1
Behavioral task
behavioral1
Sample
b15800d9e86b483c3c2473e20255c247c4879c5d9305590b2eb779871bb136fb.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
b15800d9e86b483c3c2473e20255c247c4879c5d9305590b2eb779871bb136fb.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
smokeloader
2022
http://185.215.113.68/fks/index.php
Extracted
smokeloader
up3
Extracted
redline
LiveTraffic
20.79.30.95:13856
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Extracted
stealc
http://5.42.66.57
-
url_path
/3886d2276f6914c4.php
Extracted
lumma
http://soupinterestoe.fun/api
Targets
-
-
Target
b15800d9e86b483c3c2473e20255c247c4879c5d9305590b2eb779871bb136fb.exe
-
Size
2.5MB
-
MD5
08335bdd48a24722cad27405aa41b915
-
SHA1
176854b69dfab7ec3520e25f90dbc516ff7672d4
-
SHA256
b15800d9e86b483c3c2473e20255c247c4879c5d9305590b2eb779871bb136fb
-
SHA512
4897e5818a582646991560b19c32db33aaf0dada0051bd258d153a4234a648be9b4521079fde3041188ddca74005da36ffbacfee6c25947cda6a61aa6b1f148b
-
SSDEEP
49152:GDKeuUS/fe2a2AN8jrqXgOWqaSyJYhZcn3uOoaX6uKP5P0z4YxAwuLNKRUqHyuHg:QK5UUeOk8jrqXLyW3yuIQKhSwuRWSaHH
-
Detect Lumma Stealer payload V4
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-