General

  • Target

    Marc O'Polo New Collection Promotion.zip

  • Size

    30.3MB

  • Sample

    220405-wyt59abce2

  • MD5

    c063648dafa7d09b61f0bda8d7ed979a

  • SHA1

    84cc89424b5068c3c99bf3279a103288c5f4a900

  • SHA256

    511a8d59afce7a05f1ddfefcb79f954b01514fe4546c8e4f5b0c7485d691cba0

  • SHA512

    2993e65649f1f7e0bad346f588112883496a4ac450f8be3d0f63e519e9a029a88a44b564a7f80566f22d2263ba89182c1bfc364868f6d994eee92c42fb179ac0

Malware Config

Targets

    • Target

      Barter Agreement.pdf.pdf

    • Size

      131KB

    • MD5

      fcd49eb302427fdcb72d1c11671759ba

    • SHA1

      00d93fdd3990930803c0b2df3eafe1ea281bf63a

    • SHA256

      774f383d4a550810c42eb08f20f35d72845e964bffe7e789687272a2fb023124

    • SHA512

      d94eda17c75197547cfb53062c370a10d76167a8426b62611511e0cc5c3a0020e05908fc102cb61bbc5d2c77e9ff855ffc584e3df535a59ef97c567d88e4d71f

    • Score

      1/10

    • Target

      License agreement.docx.exe

    • Size

      351.8MB

    • MD5

      5390609abb3087a7f176114cbf0515f4

    • SHA1

      c8c7b7dd7b937396c66ebbf5003c1b6be9ba445d

    • SHA256

      15966c883691020a203fa4fee9f5826fac8473c9330c38e9121e686d16b2bb28

    • SHA512

      829f5628d20d26ef8dd8284aea195293c89ee5c364bea94d06de80f268921207f110614dab764ae3a0b72a200ca57701dc205c67690692fc49adb162edc0358a

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a common anti-analysis technique.

    • Target

      MARC O'POLO - IT'S ON US - SUMMER 2022 BIGGEST PRESENTATION.mp4.scr

    • Size

      351.8MB

    • MD5

      cf8b5ad990de4131d2abee8b8dda6fa5

    • SHA1

      0e37b1b28d2122137059c9baae440bf4b2df00af

    • SHA256

      2f585fa2c9a2910cc54d9d2312ee941242b87011d21c19f2d894e093976340b6

    • SHA512

      725d66114321e2fd8f4dc65d0dae7138a7df0df37e028fb4d10df7b99abd548d3517aaf7bd68f9b735f66df8f8530a38844db5177ee0f1e2cc66c4ea60a0e94d

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a common anti-analysis technique.
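Two things in the target list above deserve a triage check before anything is detonated: the filenames use a decoy document or media extension followed by an executable one (`.docx.exe`, `.mp4.scr`), which Explorer hides by default, and two 351.8MB executables plus a 131KB PDF came out of a 30.3MB archive, a compression ratio far beyond what real PE code allows and a sign the samples are padded with filler to stay above scanner and sandbox upload limits. The following script is an added example written for this page, not part of the sandbox report or of any tool it uses; the extension lists and the 5:1 ratio threshold are the author's assumptions, and the filenames and sizes are constructed from the values listed above.

```python
import re

# Filenames and sizes copied from the report above (constructed input).
ARCHIVE_SIZE = "30.3MB"
TARGETS = {
    "Barter Agreement.pdf.pdf": "131KB",
    "License agreement.docx.exe": "351.8MB",
    "MARC O'POLO - IT'S ON US - SUMMER 2022 BIGGEST PRESENTATION.mp4.scr": "351.8MB",
}

# Assumed lists: extensions Windows will run (a .scr screensaver is a PE),
# and extensions a user expects to open as a document or media file.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "ps1", "msi", "dll"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt",
              "jpg", "png", "mp4", "mp3", "avi"}

_SIZE_RE = re.compile(r"^\s*([0-9]+(?:\.[0-9]+)?)\s*(B|KB|MB|GB)\s*$", re.I)
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_size(text: str) -> int:
    """Convert a human-readable size such as '351.8MB' to bytes."""
    m = _SIZE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2).upper()])


def classify_name(name: str) -> str:
    """Return 'masquerade', 'executable', 'double-ext' or 'plain'.

    'masquerade' is a decoy extension directly followed by an executable one
    ('License agreement.docx.exe'): with known extensions hidden, the user
    sees a Word document. A repeated harmless extension ('x.pdf.pdf') is not
    executable but is reported as 'double-ext' because it is a lure-style name.
    """
    parts = name.lower().rsplit(".", 2)
    if len(parts) < 2:
        return "plain"
    last = parts[-1]
    penult = parts[-2] if len(parts) == 3 else None
    if last in EXECUTABLE_EXTS and penult in DECOY_EXTS:
        return "masquerade"
    if last in EXECUTABLE_EXTS:
        return "executable"
    if penult in DECOY_EXTS and last in DECOY_EXTS:
        return "double-ext"
    return "plain"


def padding_ratio(archive_size: str, member_sizes) -> float:
    """Ratio of summed uncompressed member sizes to the archive size.

    Real PE code and document data rarely compress beyond roughly 3:1, so a
    ratio well above that means the members are mostly repetitive filler.
    """
    total = sum(parse_size(s) for s in member_sizes)
    return total / parse_size(archive_size)


def triage(archive_size=ARCHIVE_SIZE, targets=TARGETS, ratio_threshold=5.0):
    """Collect (subject, finding) pairs for the archive and its members."""
    findings = []
    for name, _size in targets.items():
        kind = classify_name(name)
        if kind in ("masquerade", "executable"):
            findings.append((name, kind))
    ratio = padding_ratio(archive_size, targets.values())
    if ratio > ratio_threshold:  # assumed threshold
        findings.append(("<archive>",
                         f"compression ratio {ratio:.1f}:1 suggests padded members"))
    return findings


if __name__ == "__main__":
    for subject, finding in triage():
        print(f"{finding:<12} {subject}")
```

Run against the values above, the script flags both PE files as masquerades and reports a compression ratio of roughly 23:1 for the archive; the PDF is left alone. The same classification can be applied to attachment names in mail-gateway logs, where the `.scr` case is the one most often missed by rules that only look for `.exe`.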

MITRE ATT&CK Enterprise v6

Tasks