redline | 7e4535a95c05d0f5c7788bfa933a2ceb0300178cc8ac857b825b88aa67772f16 | Triage

Submit
Reports

Overview

overview

Static

static

92c3b23368...2e.exe

windows7-x64

92c3b23368...2e.exe

windows10-2004-x64

Sharing

General

Target

c987a27d6039ac5216ceed0d8eee2f47.bin
Size

27KB
Sample

240101-chsgyacdh8
MD5

d2e8da74837bdf4841a3f47d52fa6955
SHA1

cf251da24c2d77624941f0e471ff0e548c3d7650
SHA256

7e4535a95c05d0f5c7788bfa933a2ceb0300178cc8ac857b825b88aa67772f16
SHA512

9bc1048e864ca788cbc448851af5b73ec3d959c908c47e94641568532919d073d580f8a995ed4b55b57b3377a6ce60a3c068a5ce63799c7133037ed9848acce2
SSDEEP

384:hHQYT/TM234wNR19RIOmLuLfsUjzwsLyciv+4LiJwjem544oxoqlATrjOPJZqF:hVXMM4IRTRIOmreLivlem5olATriP7o

Score

10^/10

redline smokeloader 777 livetrafic up3 backdoor evasion infostealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

92c3b23368a36a0a2c21c75f801993e050637e04c7b4fb5254eca2ece3a3552e.exe

Resource

win7-20231215-en

redline smokeloader livetrafic up3 backdoor evasion infostealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

92c3b23368a36a0a2c21c75f801993e050637e04c7b4fb5254eca2ece3a3552e.exe

Resource

win10v2004-20231215-en

redline smokeloader 777 livetrafic up3 backdoor evasion infostealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://185.215.113.68/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

LiveTrafic

C2

20.79.30.95:13856

Extracted

Family

redline

Botnet

777

C2

195.20.16.103:20440

Targets

- Target
  
  92c3b23368a36a0a2c21c75f801993e050637e04c7b4fb5254eca2ece3a3552e.exe
- Size
  
  37KB
- MD5
  
  c987a27d6039ac5216ceed0d8eee2f47
- SHA1
  
  d433d0ad4bb55cc85bfb7aeafc9e587ddd0e01d6
- SHA256
  
  92c3b23368a36a0a2c21c75f801993e050637e04c7b4fb5254eca2ece3a3552e
- SHA512
  
  1c5ec99531885b09c8c37d58f658bd081afd47d854047af6b8f6e98a0927fa6c95c747fe82815c951317b874dd8d24d17e2810962016dabba3b0be3e373d9b03
- SSDEEP
  
  768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
Score

10^/10

redline smokeloader livetrafic up3 backdoor evasion infostealer trojan 777
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesmokeloaderlivetraficup3backdoorevasioninfostealertrojan

behavioral2

redlinesmokeloader777livetraficup3backdoorevasioninfostealertrojan

© 2018-2024

Terms | Privacy