General
- Target: 195ef5e4ca5c9e009b18a1ea34369c2d87ff137a8a0f473ceb48261d7b002047
- Size: 158KB
- Sample: 240417-qz3acsbf7x
- MD5: a1cd12cc1ee98da313afcb1e8045dcfa
- SHA1: c5889376eb4c2215ee1356d2df7be2956259233a
- SHA256: 195ef5e4ca5c9e009b18a1ea34369c2d87ff137a8a0f473ceb48261d7b002047
- SHA512: 809f837ce7b80cc3578cde5a9b8e9d443b57fc262fce2ebcc1a32948694e63596b06de268461d26f9cb9fc60c7f1c31d145df224c41c5466a61f5f742b7f3e50
- SSDEEP: 3072:Z9/Y4pxGfkaedsqMHOUL83Uj3EgPLr8MZiX6WUua0lKsrcLfun34GsHX2S06:04LGasqAoUj3tPEMpuaeKsyuIGcXBF

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: b1637a25a2959c9a6da241d94d8ddac92f3e542d86dbebdc47c1a06a4f6190a0.exe
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: b1637a25a2959c9a6da241d94d8ddac92f3e542d86dbebdc47c1a06a4f6190a0.exe
  Resource: win10v2004-20240226-en

Malware Config
- Extracted: smokeloader
  Botnet: pub1
- Extracted: smokeloader
  Version: 2022
  C2:
  http://trad-einmyus.com/index.php
  http://tradein-myus.com/index.php
  http://trade-inmyus.com/index.php
- Extracted: redline
  Botnet: LogsDiller Cloud (Telegram: @logsdillabot)
  C2: 5.42.65.50:33080

Targets
- Target: b1637a25a2959c9a6da241d94d8ddac92f3e542d86dbebdc47c1a06a4f6190a0.exe
- Size: 293KB
- MD5: 5360fe5781d535acfbaeedd08e9c5b04
- SHA1: 1d1aede764c4396086a9847c193b1ee15b528ea2
- SHA256: b1637a25a2959c9a6da241d94d8ddac92f3e542d86dbebdc47c1a06a4f6190a0
- SHA512: 68a8943c4bffa60864d90c286d0423a06f9ddaaa8f85d4c6d92e091f938c57dd1a92865014dfac6ad3ecc2dc67c9b3e161e479112d2aa77ab8b6a1b422b5f6bf
- SSDEEP: 3072:p/c24x3493JSl4C+VunyX/Bo7bAGGT6XL1MS6DdWcvMNm2zDngP9mQ6FIwG:p/Yl4CAi/o6XCSwMNm2a9m1I

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext