redline | 195ef5e4ca5c9e009b18a1ea34369c2d87ff137a8a0f473ceb48261d7b002047 | Triage

Sharing

General

Target

195ef5e4ca5c9e009b18a1ea34369c2d87ff137a8a0f473ceb48261d7b002047
Size

158KB
Sample

240417-qz3acsbf7x
MD5

a1cd12cc1ee98da313afcb1e8045dcfa
SHA1

c5889376eb4c2215ee1356d2df7be2956259233a
SHA256

195ef5e4ca5c9e009b18a1ea34369c2d87ff137a8a0f473ceb48261d7b002047
SHA512

809f837ce7b80cc3578cde5a9b8e9d443b57fc262fce2ebcc1a32948694e63596b06de268461d26f9cb9fc60c7f1c31d145df224c41c5466a61f5f742b7f3e50
SSDEEP

3072:Z9/Y4pxGfkaedsqMHOUL83Uj3EgPLr8MZiX6WUua0lKsrcLfun34GsHX2S06:04LGasqAoUj3tPEMpuaeKsyuIGcXBF

Score

10^/10

redline smokeloader logsdiller cloud (telegram: @logsdillabot)pub1 backdoor infostealer trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

5.42.65.50:33080

Targets

- Target
  
  b1637a25a2959c9a6da241d94d8ddac92f3e542d86dbebdc47c1a06a4f6190a0.exe
- Size
  
  293KB
- MD5
  
  5360fe5781d535acfbaeedd08e9c5b04
- SHA1
  
  1d1aede764c4396086a9847c193b1ee15b528ea2
- SHA256
  
  b1637a25a2959c9a6da241d94d8ddac92f3e542d86dbebdc47c1a06a4f6190a0
- SHA512
  
  68a8943c4bffa60864d90c286d0423a06f9ddaaa8f85d4c6d92e091f938c57dd1a92865014dfac6ad3ecc2dc67c9b3e161e479112d2aa77ab8b6a1b422b5f6bf
- SSDEEP
  
  3072:p/c24x3493JSl4C+VunyX/Bo7bAGGT6XL1MS6DdWcvMNm2zDngP9mQ6FIwG:p/Yl4CAi/o6XCSwMNm2a9m1I
Score

10^/10

smokeloader pub1 backdoor trojan redline logsdiller cloud (telegram: @logsdillabot)infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

redlinesmokeloaderlogsdiller cloud (telegram: @logsdillabot)pub1backdoorinfostealertrojan