redline | 29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a | Triage

Sharing

General

Target

29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
Size

369KB
Sample

240112-24gp1agcf4
MD5

2c8f35dd97166057ed6c064771e26c13
SHA1

a0a9ca5ee34bf0be421885fe8a138d8593140604
SHA256

29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
SHA512

f1a4e012d723a7eadc0725b951ea70995c845dcaf7300fa634d0ed602cba4ea197e90098182cbaabbadfc1fad5ea2156123d7464f3d67fb87ef6317e7ea3d0a2
SSDEEP

6144:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F///c/4/3/c/B/4/E/b/4hRUsEr9EAYNClR:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F/C

Score

10^/10

redline smokeloader backdoor infostealer spyware trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://dnalnoomnus.ru/index.php

https://dnalnoomnus.ru/index.php

rc4.i32

rc4.i32

Targets

- Target
  
  29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
- Size
  
  369KB
- MD5
  
  2c8f35dd97166057ed6c064771e26c13
- SHA1
  
  a0a9ca5ee34bf0be421885fe8a138d8593140604
- SHA256
  
  29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
- SHA512
  
  f1a4e012d723a7eadc0725b951ea70995c845dcaf7300fa634d0ed602cba4ea197e90098182cbaabbadfc1fad5ea2156123d7464f3d67fb87ef6317e7ea3d0a2
- SSDEEP
  
  6144:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F///c/4/3/c/B/4/E/b/4hRUsEr9EAYNClR:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F/C
Score

10^/10

redline smokeloader backdoor infostealer spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinesmokeloaderbackdoorinfostealerspywaretrojan