Overview

overview

10

Static

static

Warzone ha...al.dll

windows7-x64

1

Warzone ha...al.dll

windows10-2004-x64

1

Warzone ha...ck.exe

windows7-x64

10

Warzone ha...ck.exe

windows10-2004-x64

10

Warzone ha...v2.dll

windows7-x64

1

Warzone ha...v2.dll

windows10-2004-x64

1

Resubmissions

11/11/2024, 21:13

241111-z2y56azmcn 10

30/07/2022, 13:41

220730-qzlydabdd7 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Warzone_hack_space_cheats.rar

  • Size

    2.0MB

  • Sample

    220730-qzlydabdd7

  • MD5

    a1de4bfa5d826d1b102d73cd1b37eff0

  • SHA1

    e3d1125a8d3e212fc234731f4535e9cfd2099dc1

  • SHA256

    80ed3454e9a44debe81d41682d26a343ed19f8d7f8706bad7805e2e8a26f657d

  • SHA512

    650052076c2988e0db5f5c8c6dad57d931ff40a0bb0d80060a32972f49cc092c876a3a0a6e40693f5b8b7fab0b729c8ee0ffd36551ccb62309b86926529bb5fd

Score
10/10
redlineytstealerinfostealerspywarestealerupx

Malware Config

Extracted

Family

redline

C2

193.106.191.160:8673

Attributes
  • auth_value

    4334b1b6304e7a30dd9472e85aa443c9

Targets

    • Target

      Warzone hack space cheats/IA2Marshal.dll

    • Size

      76KB

    • MD5

      3513a7546bbe15363a626f76e3897a8c

    • SHA1

      f22656abe335c8bfb7a795bce5bb732a66d8b895

    • SHA256

      00fdb467df300b85818341dd84feb72387650e0447c19c8bb9e266cf1d758514

    • SHA512

      567e768c0b90a6d27a586ad6ab2bcf9b17a06e7fa3c049c4434e0c69650b23aa8af5d9888f849f51e16a34ae7603c577f3fb8e4251abdd3be6b15986a3bd8f38

    Score
    1/10
    behavioral1behavioral2

    • Target

      Warzone hack space cheats/Warzone hack.exe

    • Size

      2.5MB

    • MD5

      3f4540b7b375b6f612c2256998af7c3c

    • SHA1

      59d101e0020dcd567c2d0ecc271a0067122caff4

    • SHA256

      e6cdd59f34d4bf7707237f377a4b58e1c4060f190068241c406b4c36719d8926

    • SHA512

      ef06c781c8fe20b64b3ab7048dee8f84f7bbbfefcf2d91be1eb0206969c01962633c439d4c3929052c6a9c53b834997189f3017c4affc0079f44b29130f0c2d7

    Score
    10/10
    redlineytstealerinfostealerspywarestealerupx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      Warzone hack space cheats/libGLESv2.dll

    • Size

      5.8MB

    • MD5

      fa36a0ac7e17ed74f89ab26e87bca822

    • SHA1

      494e1dba754233be49507800046cd464b7a95df0

    • SHA256

      9288b00918210aba7bfb178aad65cb8b78f3704d346b3b9c3c28782aaa5b22cb

    • SHA512

      657ef09896e6f23b995a80829799418cff93ff279899f5c443b01d05b391f3b30ae87a24e6830e3c1baa0dc45ac31df0f827d9757508cf52c840760109aae5ca

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v6

Tasks