General
-
Target
ca627643bb7b7b47e9a5df13b9e3965d.exe
-
Size
38KB
-
Sample
231230-w26nfsdeb2
-
MD5
ca627643bb7b7b47e9a5df13b9e3965d
-
SHA1
c2628970d91a3170c169074849ac6e9f1e0a8bbc
-
SHA256
9371ca0ca0eb53e4f9359d9a98eaf6230e59da36630eb798e8bed18643026544
-
SHA512
4e305286fc33b0b7c91f4fc8385bd2e9306c69ad98157113255c1505eeb8bb6aaf9b27b1afd0dbd2daaedde4b6b79b0d4ff9654376b90bf817157e894badfc72
-
SSDEEP
768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
Behavioral task
behavioral1
Sample
ca627643bb7b7b47e9a5df13b9e3965d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ca627643bb7b7b47e9a5df13b9e3965d.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
smokeloader
2022
http://185.215.113.68/fks/index.php
Extracted
smokeloader
up3
Extracted
redline
LiveTraffic
20.79.30.95:13856
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Extracted
stealc
http://185.172.128.79
-
url_path
/3886d2276f6914c4.php
Extracted
redline
777
195.20.16.103:20440
Targets
-
-
Target
ca627643bb7b7b47e9a5df13b9e3965d.exe
-
Size
38KB
-
MD5
ca627643bb7b7b47e9a5df13b9e3965d
-
SHA1
c2628970d91a3170c169074849ac6e9f1e0a8bbc
-
SHA256
9371ca0ca0eb53e4f9359d9a98eaf6230e59da36630eb798e8bed18643026544
-
SHA512
4e305286fc33b0b7c91f4fc8385bd2e9306c69ad98157113255c1505eeb8bb6aaf9b27b1afd0dbd2daaedde4b6b79b0d4ff9654376b90bf817157e894badfc72
-
SSDEEP
768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1