redline | a61c4c824749fd30b2850fe824ae55082924e9bb4e186c23400a26fc4c5dadf0 | Triage

Sharing

General

Target

a61c4c824749fd30b2850fe824ae55082924e9bb4e186c23400a26fc4c5dadf0
Size

107KB
Sample

240417-q7vv9aaf63
MD5

53b405a944ab923634f5833fde97da26
SHA1

4ff60d61449919a5ed7a0beb8a12d3d305c75fac
SHA256

a61c4c824749fd30b2850fe824ae55082924e9bb4e186c23400a26fc4c5dadf0
SHA512

fc2c06d09e3d955b6d284ad1d42b3341bb8ac8130396764cb2544c97abcb8405a1ffb0b57df8357687785dbb62cb0288c2224add6085c5846ac3dcc6cc63e856
SSDEEP

3072:hDAFF1U0Iap9omMhIi/XjsEiYSiazV3vb9s:hDAFF1UJapBMhV/vojhvbC

Score

10^/10

redline smokeloader logsdiller cloud (telegram: @logsdillabot)pub1 backdoor infostealer trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

5.42.65.50:33080

Targets

- Target
  
  2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
- Size
  
  186KB
- MD5
  
  0343235b3014134cd1f9c4f8f14bf327
- SHA1
  
  7df22fd8a194031121a4e4eba53d98c1a7f55bb8
- SHA256
  
  2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b
- SHA512
  
  1cefcccde826acf72f57d4a66f2cc22132773259aad246778a1fad3f059ec978a0d83b65eb3b447793d76629e0e20b6c4320d28ba42cf5c8acd70b102e3a7571
- SSDEEP
  
  3072:0vHATbTxwuWJy949xuZsG/t7GJ9JA4UJykW/JqZvoh:wYbTGuWC4HAVGJ98
Score

10^/10

smokeloader pub1 backdoor trojan redline logsdiller cloud (telegram: @logsdillabot)infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

redlinesmokeloaderlogsdiller cloud (telegram: @logsdillabot)pub1backdoorinfostealertrojan