General
-
Target
0c911d9087db28f6a2cfb980d404c413.exe
-
Size
38KB
-
Sample
240104-bcxzssgbg8
-
MD5
0c911d9087db28f6a2cfb980d404c413
-
SHA1
7c4f0459fb3a587cbb3331fb1a5d334fa04d1f88
-
SHA256
712a592c28a3ee66e5023a1abddb900c22470a22502eb4f71ff50a9e816df18a
-
SHA512
238bb6bb57b4594e2e0a07bc237d43422a896a1cf66ccbaff8efbc1dfc3a1ff9265a63fc756780c249117f546fc9db805de0ccd2bb19195d5ca3034fb72c65e1
-
SSDEEP
768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
Behavioral task
behavioral1
Sample
0c911d9087db28f6a2cfb980d404c413.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0c911d9087db28f6a2cfb980d404c413.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
smokeloader
2022
http://185.215.113.68/fks/index.php
Extracted
stealc
http://185.172.128.79
-
url_path
/3886d2276f6914c4.php
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Extracted
redline
777
195.20.16.103:20440
Targets
-
-
Target
0c911d9087db28f6a2cfb980d404c413.exe
-
Size
38KB
-
MD5
0c911d9087db28f6a2cfb980d404c413
-
SHA1
7c4f0459fb3a587cbb3331fb1a5d334fa04d1f88
-
SHA256
712a592c28a3ee66e5023a1abddb900c22470a22502eb4f71ff50a9e816df18a
-
SHA512
238bb6bb57b4594e2e0a07bc237d43422a896a1cf66ccbaff8efbc1dfc3a1ff9265a63fc756780c249117f546fc9db805de0ccd2bb19195d5ca3034fb72c65e1
-
SSDEEP
768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
-
Glupteba payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Deletes itself
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1