General
-
Target
c987a27d6039ac5216ceed0d8eee2f47.exe
-
Size
37KB
-
Sample
231230-skstgsabak
-
MD5
c987a27d6039ac5216ceed0d8eee2f47
-
SHA1
d433d0ad4bb55cc85bfb7aeafc9e587ddd0e01d6
-
SHA256
92c3b23368a36a0a2c21c75f801993e050637e04c7b4fb5254eca2ece3a3552e
-
SHA512
1c5ec99531885b09c8c37d58f658bd081afd47d854047af6b8f6e98a0927fa6c95c747fe82815c951317b874dd8d24d17e2810962016dabba3b0be3e373d9b03
-
SSDEEP
768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
Behavioral task
behavioral1
Sample
c987a27d6039ac5216ceed0d8eee2f47.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
c987a27d6039ac5216ceed0d8eee2f47.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
smokeloader
2022
http://185.215.113.68/fks/index.php
Extracted
smokeloader
up3
Extracted
redline
LiveTraffic
20.79.30.95:13856
Extracted
stealc
http://185.172.128.79
-
url_path
/3886d2276f6914c4.php
Targets
-
-
Target
c987a27d6039ac5216ceed0d8eee2f47.exe
-
Size
37KB
-
MD5
c987a27d6039ac5216ceed0d8eee2f47
-
SHA1
d433d0ad4bb55cc85bfb7aeafc9e587ddd0e01d6
-
SHA256
92c3b23368a36a0a2c21c75f801993e050637e04c7b4fb5254eca2ece3a3552e
-
SHA512
1c5ec99531885b09c8c37d58f658bd081afd47d854047af6b8f6e98a0927fa6c95c747fe82815c951317b874dd8d24d17e2810962016dabba3b0be3e373d9b03
-
SSDEEP
768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
-
Detect ZGRat V1
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies boot configuration data using bcdedit
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1