General
- Target: a61c4c824749fd30b2850fe824ae55082924e9bb4e186c23400a26fc4c5dadf0
- Size: 107KB
- Sample: 240417-q7vv9aaf63
- MD5: 53b405a944ab923634f5833fde97da26
- SHA1: 4ff60d61449919a5ed7a0beb8a12d3d305c75fac
- SHA256: a61c4c824749fd30b2850fe824ae55082924e9bb4e186c23400a26fc4c5dadf0
- SHA512: fc2c06d09e3d955b6d284ad1d42b3341bb8ac8130396764cb2544c97abcb8405a1ffb0b57df8357687785dbb62cb0288c2224add6085c5846ac3dcc6cc63e856
- SSDEEP: 3072:hDAFF1U0Iap9omMhIi/XjsEiYSiazV3vb9s:hDAFF1UJapBMhV/vojhvbC
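Before working on a copy of this sample, confirm that the file you hold is the one the report describes by recomputing every digest listed above. The following script is an added example and is not part of the sandbox report; the digest values in it are copied from the General section, the sample bytes themselves are not available here, and the demo at the bottom runs on constructed input instead.

```python
"""Added example, not part of the sandbox report: confirm that a local file is the
sample this report describes by recomputing every digest the report lists, and
sanity-check the report's own digest fields. The digest values below are copied
from the report; the sample bytes are not available here, so the demo at the
bottom runs on constructed input."""
import hashlib
import io

# Digests as listed in the report's General section.
REPORT_TARGET = "a61c4c824749fd30b2850fe824ae55082924e9bb4e186c23400a26fc4c5dadf0"
REPORT_HASHES = {
    "md5": "53b405a944ab923634f5833fde97da26",
    "sha1": "4ff60d61449919a5ed7a0beb8a12d3d305c75fac",
    "sha256": REPORT_TARGET,
    "sha512": "fc2c06d09e3d955b6d284ad1d42b3341bb8ac8130396764cb2544c97abcb8405"
              "a1ffb0b57df8357687785dbb62cb0288c2224add6085c5846ac3dcc6cc63e856",
}
# Expected hex-digest lengths; a shorter value usually means a truncated copy.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def report_digests_well_formed(hashes, target):
    """True if every digest is lowercase hex of the right length and the
    'Target' field equals the SHA256 field (the report keys samples on SHA256)."""
    for algo, value in hashes.items():
        if len(value) != HEX_LEN[algo]:
            return False
        if any(c not in "0123456789abcdef" for c in value):
            return False
    return hashes["sha256"] == target


def compute_digests(stream, chunk_size=1 << 16):
    """Read a file-like object once, feeding each chunk to all four algorithms."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digests_of_bytes(data):
    return compute_digests(io.BytesIO(data))


def compare_digests(actual, expected):
    """Names of algorithms whose digest differs from the report; [] means a match.
    Algorithms missing from `expected` are skipped; case in `expected` is ignored."""
    return [
        algo for algo, value in actual.items()
        if algo in expected and expected[algo].strip().lower() != value
    ]


def verify_file(path, expected=REPORT_HASHES):
    """Mismatching algorithm names for the file at `path` ([] means it is the sample)."""
    with open(path, "rb") as f:
        return compare_digests(compute_digests(f), expected)


if __name__ == "__main__":
    # Constructed input: deliberately not the sample, so every digest should differ.
    fake = digests_of_bytes(b"MZ this is not the sample\n")
    print("report fields well-formed:", report_digests_well_formed(REPORT_HASHES, REPORT_TARGET))
    print("mismatching algorithms for constructed bytes:", compare_digests(fake, REPORT_HASHES))
```

Run `verify_file("/path/to/sample")` against a real copy; an empty list means all four digests agree with the report, and any name in the list identifies which field disagrees. Note that the target hash in this section differs from the `.exe` hash in the Targets section below, so check each file against the digests of its own entry.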
Static task: static1
Behavioral task: behavioral1
- Sample: 2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: smokeloader
- pub1
Extracted: smokeloader
- 2022
- http://trad-einmyus.com/index.php
- http://tradein-myus.com/index.php
- http://trade-inmyus.com/index.php
Extracted: redline
- LogsDiller Cloud (Telegram: @logsdillabot)
- 5.42.65.50:33080
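The extracted configuration gives two kinds of network indicator: three SmokeLoader C2 URLs that all resolve to hyphen permutations of the same string, and one RedLine IP:port. The script below is an added example, not part of the sandbox report, that turns those values into matchers and runs them over constructed proxy/connection log lines. The C2 values are copied from the config above; the log format, the internal hosts and the clean destinations are invented for the demo, and the hyphen-stripped "permutation" match is a hunting heuristic rather than a report finding.

```python
"""Added example, not part of the sandbox report: turn the extracted SmokeLoader
and RedLine C2 values into matchers and run them over constructed log lines.
The C2 values are copied from the report; the log format, internal hosts and the
'clean' destinations are invented for the demo."""
import re
from urllib.parse import urlsplit

# C2 values exactly as extracted in the report's Malware Config section.
SMOKELOADER_C2_URLS = [
    "http://trad-einmyus.com/index.php",
    "http://tradein-myus.com/index.php",
    "http://trade-inmyus.com/index.php",
]
REDLINE_C2_ENDPOINTS = ["5.42.65.50:33080"]

# Constructed log format (an assumption for this demo, not a real product format):
#   <timestamp> <src_ip> <dst_ip>:<dst_port> <method-or-dash> <url-or-dash>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[\d.]+):(?P<port>\d+) (?P<method>\S+) (?P<url>\S+)$"
)


def build_iocs(urls=SMOKELOADER_C2_URLS, endpoints=REDLINE_C2_ENDPOINTS):
    iocs = {"domains": set(), "cores": set(), "ip_ports": set(), "ips": set()}
    for url in urls:
        host = urlsplit(url).hostname.lower()
        iocs["domains"].add(host)
        # The three SmokeLoader domains are hyphen permutations of one string;
        # keeping the hyphen-stripped core lets a rule flag other permutations
        # at lower confidence. This is a hunting heuristic, not a report finding.
        iocs["cores"].add(host.replace("-", ""))
    for endpoint in endpoints:
        ip, port = endpoint.rsplit(":", 1)
        iocs["ip_ports"].add((ip, int(port)))
        iocs["ips"].add(ip)
    return iocs


def classify(line, iocs):
    """Return (confidence, reason, indicator) for a matching line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparsable line: skip rather than guess
    dst, port, url = m["dst"], int(m["port"]), m["url"]
    host = urlsplit(url).hostname if url != "-" else None
    host = host.lower() if host else None
    # The SmokeLoader path (/index.php) is generic, so match on the host alone.
    if host in iocs["domains"]:
        return ("high", "smokeloader-c2-domain", host)
    if (dst, port) in iocs["ip_ports"]:
        return ("high", "redline-c2-ip-port", f"{dst}:{port}")
    if host and host.replace("-", "") in iocs["cores"]:
        return ("medium", "smokeloader-domain-permutation", host)
    # Same IP on another port: the host may be multi-tenant, so low confidence only.
    if dst in iocs["ips"]:
        return ("low", "redline-c2-ip-other-port", f"{dst}:{port}")
    return None


def scan(lines, iocs):
    """List of (timestamp, confidence, reason, indicator) for every matching line."""
    hits = []
    for line in lines:
        verdict = classify(line, iocs)
        if verdict:
            hits.append((line.split(" ", 1)[0], *verdict))
    return hits


# Constructed log lines for the demo (RFC 5737 ranges for the clean destinations).
SAMPLE_LOG = [
    "2024-04-17T12:00:01Z 10.0.0.5 203.0.113.10:80 POST http://trad-einmyus.com/index.php",
    "2024-04-17T12:00:02Z 10.0.0.5 5.42.65.50:33080 - -",
    "2024-04-17T12:00:03Z 10.0.0.7 203.0.113.11:80 GET http://tradeinmy-us.com/index.php",
    "2024-04-17T12:00:04Z 10.0.0.8 5.42.65.50:443 - -",
    "2024-04-17T12:00:05Z 10.0.0.9 198.51.100.20:443 GET https://www.example.com/",
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, build_iocs()):
        print(*hit)
```

Two design choices matter when reusing this against real logs. The SmokeLoader match is on the host name, not the full URL, because `/index.php` is a generic path and the operator can change it without re-registering domains. The RedLine match is on the exact IP:port pair; a hit on the IP alone is reported but at low confidence, since a single address can serve unrelated tenants.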
Targets
- Target: 2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
- Size: 186KB
- MD5: 0343235b3014134cd1f9c4f8f14bf327
- SHA1: 7df22fd8a194031121a4e4eba53d98c1a7f55bb8
- SHA256: 2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b
- SHA512: 1cefcccde826acf72f57d4a66f2cc22132773259aad246778a1fad3f059ec978a0d83b65eb3b447793d76629e0e20b6c4320d28ba42cf5c8acd70b102e3a7571
- SSDEEP: 3072:0vHATbTxwuWJy949xuZsG/t7GJ9JA4UJykW/JqZvoh:wYbTGuWC4HAVGJ98
- RedLine: RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext (an API commonly used to redirect a suspended thread's execution during process hollowing or other code injection)