General
-
Target
URA.rar
-
Size
1.4MB
-
Sample
210731-b91azeytqs
-
MD5
faf8931504a146a6a486d9ac8b81ebb3
-
SHA1
d21b73213078d64e0858ad4dabdfdf5da9c5f672
-
SHA256
7bf35cd2cf457599cc3c668104837de3176d720abf58ed22f35e6777758aa926
-
SHA512
15d11354af31a26d115a6752b8a295225ca3d09b2c2f877e83d1ed93ab3507a4c75267c078e8738268a5f11c4876cdc1e685440afab0d11e68c914a7e264819d
Malware Config
Extracted
redline
mastif
91.121.146.23:9519
Targets
-
-
Target
URA/Engine.js
-
Size
870KB
-
MD5
62ef5e3b94fef67f046b99b587fe013e
-
SHA1
5f36e3fb609a35f405ade92982b7205111dabc63
-
SHA256
125949ad84b6dff236614a3ef542f2a814b1024385fa9f9d64eb2403fd4b26fc
-
SHA512
06654013becdf9e20479bf3140bc57b1dce5ef5d1512749b61539318be00fc384cbb80f0aa3e69b8d9f3fe4cc0e4c08f7504fde6d654b0bc0c2086349cf934fb
Score1/10 -
-
-
Target
URA/Installer.exe
-
Size
1.6MB
-
MD5
8a1995805ad65999ec546a1074ac9887
-
SHA1
11d5589ca5ebb127ea57b89ee5da89e0b64fa4c6
-
SHA256
2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b
-
SHA512
cad4e187956e4db24d291ea725caf89439440eb97ebe9fa76438b76ada66ecc01a4143bf688c6506ec5148c79338e7f581305d2cb8ad17552c558c62706ae777
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
URA/xNet.dll
-
Size
2.9MB
-
MD5
0a56659cff9731c30ce87968cac0ef23
-
SHA1
4fdef03ec3da0a74ec89e369df486035a4995c6d
-
SHA256
ac5f7131a15c02620676ff6dc89ba6485bbe88aadd244d297586b438ce13c811
-
SHA512
6653a3b51518ec0c611ca8fa639d49747dd8cd03622358f10f48c82b41b6dad840047ed72a09a74ecf94e2ddd5e813bbe76cbdc916d3e5a65d63f816e00f3039
Score1/10 -