General

  • Target: LarvaLabsWallet.rar
  • Size: 4.8MB
  • Sample: 211216-tnvmxsdbcn
  • MD5: e6d23fbd6a4e6addb1fa8c2622dfa9b9
  • SHA1: f02158e2cd9fce8ed5d09843ea03a8ffbe950816
  • SHA256: bf81fbbc09954cde0f6883a4f983b8f9623a9e126a242dacf7afeafcd156679d
  • SHA512: 26a5d654dde84467ea541e9e8182d94017f276a361dc09b3fb749ae32cd30377b78bad99f6b553da6dc7341f676f88c132d0c934d5ddd344bd5e609a37557ebc

Malware Config

Targets

    • Target: LarvaLabsWallet Launcher.exe
    • Size: 323.2MB
    • MD5: b18eaff37a9918535852c276a9f5f409
    • SHA1: e97ec59bec67c561774bc34b7275b5b644ff4864
    • SHA256: 09383bbfa1491809d7d427c540221488ecc891196da1ce134fe5f145f8734abe
    • SHA512: 2b5a822481b827a2eb6190812ff08ec79ade534a52221806b741d9b3ee9086e3e4bff8be85ad70dd0cd942a519ff1f5bf0406f8b046f3f80d5221a5a4627b92a

    Signatures

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: ROGAIOSDK.dll
    • Size: 334KB
    • MD5: ec24f3bce34b05b38c79627e93b432c4
    • SHA1: a2998092e224cf534728aeb88a523c82f6c041f9
    • SHA256: 9699430ac09901f40e7b08d892b185959803a4a61fa0ec2e4e17b3ce48b78f28
    • SHA512: 0a8d192bb12ade70ee71abaef37221b3adfa46c940b5e6668fad96cc1274eff27330f515acfc5e46358a7042ad446523989906a5ee077059016ce5588668bbfa
    • Score: 3/10

    • Target: RofPaketsoka.dll
    • Size: 260KB
    • MD5: bc65564fe8430d684cc54b5c1ab8f012
    • SHA1: b75e38d7dd58f351bfb2d64333f6bafa20d2f199
    • SHA256: f2871ca7c3a685006df8d50ce7707a0eb2850e0c9de74c2a3c19c3693623bef8
    • SHA512: 2ef56b15f12f717541c81e988e400c1e2b8ffe1bb650415f89e425aad5a1ad413182357c4a427b7ba94351433e7bc2a5f5962f584235de7417f099c7ff5baed4
    • Score: 3/10

    • Target: ssleay32.dll
    • Size: 160KB
    • MD5: 90c56365f4f7b10c7cd79d109202a9f9
    • SHA1: 41c3189dd7b95da8f83543cc35bba4393072d410
    • SHA256: ea841a1081508db0599d8e8a418af9af905481d392d7225ca8577f991233b5d6
    • SHA512: fafe4a2b67727ca7eeb635772fe790493586ca65b1561e69168e315622150fe1d61579e59758a1e262fdf72da191b36ac784b1f24690d867177ecc5dc93ac3ec
    • Score: 1/10

    • Target: storarc.dll
    • Size: 1.2MB
    • MD5: 7ee1cd11cb173f645193daca84fed75f
    • SHA1: 8b9e1c436edd73484bd72928291673f12ee35a8e
    • SHA256: e454c80f160ba96b276308b27aae8c63b5540a06032ed7b6c981034722597ba7
    • SHA512: 6ddd5a76d80907cbb8db778f7aad6621c3d81529c7c054e6e154d3adb8cb65b0a9350d3d1e6f6dffc7e07086a9cc9c69a0d360fc10743f0cfd4a875ad6642e8d
    • Score: 1/10

    • Target: storelib.dll
    • Size: 160KB
    • MD5: 56dd65c393317f224a03a42bf7ac39f2
    • SHA1: d8921bc17fe0a6b974258f1055f0738b4a7ba8e4
    • SHA256: e297ad34b4deae7d030aaa0ddd8935675988e0cb2b4e71d481bf57ac05bc66d6
    • SHA512: ce18b16abe4d89c50cc195e6f801f6ccfe52564bf08eab25f485456c66aa237e382d9ad62c26460d86f66f5a15d1a1640c13cb1f592d416758781e903ab1c302
    • Score: 3/10

    • Target: storelibir-2.dll
    • Size: 276KB
    • MD5: a0656d35a382b58c75cb9fb3f5388f35
    • SHA1: f4da2119c184a5fbf2d7233bd3d7352fecfb50e2
    • SHA256: 1fb68c58d9764fc0327de464152274044cb5664e6a3d3881ca1ce562e7fe59f3
    • SHA512: d0509c71073d1f55b5c5c485e2743f5ce8ff0042524d80d8e6e5cddea4ed4e59ad199963d5548b99d9eb646bd9d1abe45fb0d0add63ba0e427ceec2ac34bcb25
    • Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             | Technique                     | Count | ID
  -------------------|-------------------------------|-------|------
  Credential Access  | Credentials in Files          | 2     | T1081
  Discovery          | Query Registry                | 2     | T1012
  Discovery          | System Information Discovery  | 1     | T1082
  Collection         | Data from Local System        | 2     | T1005
