General

  • Target

    30c188b8b015cd09e21c82db0f53c74153fd0415ff096625501ff16df1e75de9

  • Size

    324KB

  • Sample

    240421-fa5zvabg41

  • MD5

    b53fd458a492bc8159c7343ff6facaf9

  • SHA1

    2ad05ffaf407e06a2e41216f66a3839f8d107273

  • SHA256

    30c188b8b015cd09e21c82db0f53c74153fd0415ff096625501ff16df1e75de9

  • SHA512

    1392b9b8ec4dd8105edd3b1361db62be6c160dc56263e194fab03ee5a2006ef6e33d25c37a2bae440f894a5a1fc45d0c3555c1c3160fc7b00fc2b1ef1f87f9bc

  • SSDEEP

    3072:Vb1H04IyGEONN+odMzT9DkIbG9BLYmiFjDX845HaGexW4z6xJ6CP3xgpG:btN7eNsk21JHcGeNJCP

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: pub1

Extracted

  • Family: smokeloader
  • Version: 2022
  • C2:
      http://trad-einmyus.com/index.php
      http://tradein-myus.com/index.php
      http://trade-inmyus.com/index.php
  • rc4.i32
  • rc4.i32

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (Telegram: @logsdillabot)
  • C2: 5.42.65.50:33080

Targets

    • Target

      30c188b8b015cd09e21c82db0f53c74153fd0415ff096625501ff16df1e75de9

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • T1553 Subvert Trust Controls: 1
  • T1553.004 Install Root Certificate: 1
  • T1112 Modify Registry: 1

Credential Access

  • T1552 Unsecured Credentials: 2
  • T1552.001 Credentials In Files: 2

Discovery

  • T1082 System Information Discovery: 2
  • T1012 Query Registry: 2
  • T1120 Peripheral Device Discovery: 1

Collection

  • T1005 Data from Local System: 2

Tasks