General
Target: Roaming.rar
Size: 433KB
Sample: 210812-jfljbz21xn
MD5: 67478498a1cd57320c26a958f6edf529
SHA1: 80de60e740f6f94a51c4e22174dada1ea384cf37
SHA256: 1a693036899a05dbbb83fb29c1487f2e43fd5bb7d8d01e3bea84166aa331f998
SHA512: 310ef1dcab3b1758f69fd9f290a998d127fa4863363293ed2bc9b52e10815c31e944f06d15ab10ffe821af86a2972a858a2a7f1f6c850afb854d098044e820d0
Static task: static1
Behavioral task behavioral1: Sample 2468852.exe, Resource win7v20210410
Behavioral task behavioral2: Sample 2468852.exe, Resource win10v20210410
Behavioral task behavioral3: Sample 4422625.exe, Resource win7v20210410
Behavioral task behavioral4: Sample 4422625.exe, Resource win10v20210408
Behavioral task behavioral5: Sample 4701556.exe, Resource win7v20210410
Behavioral task behavioral6: Sample 4701556.exe, Resource win10v20210410
Behavioral task behavioral7: Sample 8383001.exe, Resource win7v20210408
Malware Config
Extracted: redline
7new
sytareliar.xyz:80
yabelesatg.xyz:80
ceneimarck.xyz:80
Targets

Target: 2468852.exe
Size: 129KB
MD5: b6b7f896ec6c87db2a811a44abc0c5b5
SHA1: b17eac180c2139947d2f8fdc87ff8a2a615cbcbf
SHA256: 02ca78fdf706e494a923c01179c6f2bcc2fd59e55d79039ac7a20a51453670c6
SHA512: 27150b8bced3845b834be55e40cc31882a0d5290a0363fbc8e0f20244dc6e3f022c2cb5dc7e8a18b9b140994d85995e7e6ee4270ed37bfbc9535cb97ee313c63
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: 4422625.exe
Size: 174KB
MD5: 7dfa7a1ec7a798b241d0a3521a0c593a
SHA1: 23fa15493fd3f2e782488d341331aaf914eeba03
SHA256: a64f106b863dec9b842e6fd952995a7ad8dd3b272324a1265dfcb513cd986d17
SHA512: 3817b7a711e354c5111e5354704b3a7fa07cce8801cc46f8c6ca9bf9d893cdfe1d03c7b9faefb135d193bc937a3403de84e2c8ee4a296ca0f397dca73b1acd7b
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: 4701556.exe
Size: 46KB
MD5: 1d095bc417db73c6bc6e4c4e7b43106f
SHA1: db7e49df1fb5a0a665976f98ff7128aeba40c5f3
SHA256: b529e11f2a855b7e7bca65ac994be9dc81191c7fe1b720addb90b98da33e7fee
SHA512: 3d255ee420aa7eb0f5f28e060d968bf4369f4be3fc8f07bd32c5482fea055e8103347440d41d17d847c5b2b2d3fb2e3a40356db1a33911c0b25828739a88a097
Score: 8/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Target: 8383001.exe
Size: 181KB
MD5: 36acd7e8f309426cb30aeda6c58234a6
SHA1: e111555e3324dcb03fda2b03fd4f765dec10ee75
SHA256: d17fbe43bc63006f1f11be7948fc385457eb4e830567f5f564cc3d3316ce6a3d
SHA512: 62449c4e2d9c5faae15164e5751901d2e8e978aa52a7e156e7001b44bb61ed0cc14ee2230458a239ab7a85198826fe704246043ae800ee9c55951b7182b2ea6c
suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.