General

  • Target

    Lumion 12 Pro.rar

  • Size

    49.1MB

  • Sample

    220911-mbebvabde7

  • MD5

    6c49d7cf54b3d17ba39040996b179b3a

  • SHA1

    889dfd2737d21fb1f8fcd5c2c53296efddc72c65

  • SHA256

    7ee8f22c98aa12fd857957b213a700b35b3b57522e17d0b584455d08d7cdca4c

  • SHA512

    2d9fe46ce9ece2e34aa0b3207d1a7a224184f921dd3df5ef479d63b2d78787371343237c6a9d2dabb1c036fe8d3f9634989f0381ec95fbbee24539a6095ededc

  • SSDEEP

    1572864:JwpvwcNYToMKRcgv7pUAB20gcomSV9ekB3X:JwpvdNYTkRcg1UF0gc9K9ecX

Malware Config

Extracted

Family

redline

Botnet

@chaoiiing 17/08/22

C2

92.38.241.94:22922

Attributes

  • auth_value

    72cce26a18d3046167e14710509d2d24

Targets

    • Target

      Lumion 12 Pro/Setup.exe

    • Size

      750.1MB

    • MD5

      7956afc5b7cdcc25f3afefbe6f60c0ac

    • SHA1

      448f5f12570139a810392009b71b710e5bbf1c64

    • SHA256

      13d88be69d884c2dc3dad8dacb3ca661ff019edd5cd930494531ada0350ff903

    • SHA512

      f334aa41556dc9369c4f8978d410ca2b710e38470b173fe175ce586fa8c9953fbb9e009f98bcf2c5fda988bc4edc2cda1e6686dd1d611d4d504decdec2c1374d

    • SSDEEP

      3072:xekJWGLunDanEw56QyYoIxIDbdRoi4D82r:xRIDanBuPIKDbdRFc8+

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      Lumion 12 Pro/donut/ffmpegsumo.dll

    • Size

      963KB

    • MD5

      8d6c1353081a166c15ab31ee83906c8e

    • SHA1

      40283ef8b4343553ecf0e6e8aa4170081467bffc

    • SHA256

      564ad57d50ffe96efd0b274a8faf94fe578819405abfc26e2d3d8d092bb465f5

    • SHA512

      2a9737b940d330285c7040cb3e7753f33a4083f0a8a1ec3e487a9ada312f986115ca51a538abe256a735b680a19f410907bf00e2d70638706764bf2a7d52bd04

    • SSDEEP

      12288:shP1NwYxY4gGZF1xdFNT1Ygx+iP/U7Okow2p4mDJbWYmlna7MlPM+fCI1MIx1oU8:s9gkjxdFNT1YC+UEHowA4mdb/AM+3P

    • Score

      3/10

    • Target

      Lumion 12 Pro/donut/libEGL.dll

    • Size

      208KB

    • MD5

      8a2b8adcac38aebaf2db2f7ac9d48739

    • SHA1

      6b167aa777e3cdceab18c04edc7a64afe58a6152

    • SHA256

      fbed115e8c32a137bbdffffa73d5e5ceb5c82441079c6afe471cd94821c7499e

    • SHA512

      dda6f436ec80d5d993a01f73484034f85fc918ac8707989e01eb53c7c13b1c29678e8165d470524de1dafb0c8fd1523d723b3190f89c5f6e35405ea193db3e34

    • SSDEEP

      3072:BXYFqtvMBOpw+py7arltg9hhKJErP+vsAg0FuUJF/AAg0Fuq157R/iNA:BXYSvMBbl7Ufg9hhKJuosAOUTAAOSsA

    • Score

      7/10

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Target

      Lumion 12 Pro/donut/libGLESv2.dll

    • Size

      1.3MB

    • MD5

      69ac8131eb79ea07cde195d2d27508e6

    • SHA1

      4d59d5fd732b2114ab7b0f96158e234e2fb1237b

    • SHA256

      295f132666cbf1eeea2376e56844257e3c6a9bc3da2ffcfc48e08787343c9569

    • SHA512

      66c9e91d690b634f013d502c3e89989735475dad2c637e77d767c174dbc12dc6df7a855a65830e0d796f7d943229a033af76c70e8c5a7a119a90e8d24b7e2e1c

    • SSDEEP

      24576:347pmYf8rDQTOMYSNQamVEUEj0KwmZkCIOO8r:Pwewj6mCROO

    • Score

      1/10

    • Target

      Lumion 12 Pro/donut/nw.pak

    • Size

      5.5MB

    • MD5

      0d24674943dfff947cefb3e8b90f22fc

    • SHA1

      c21836dfa7fcac7cd756b6499d815906269acdd8

    • SHA256

      0b8e036948dc0e07d41efc71418c1901c7a037b857c6adef0bf0696fb6642634

    • SHA512

      0c7e25901ebd00a619e00a90895bd9c5272e45544a1082789b93d6a912adc188c7cb7ab67f4eb5c4fd06da916e2709c6c18005e5ebda9cb778a471196784635e

    • SSDEEP

      49152:6F6PwseuK3oSVvolWJAv5SfAo2G40FH7FSpXPWav2TU5cCI8IL/s1mF4//V1liwB:JVSfAL9vkWGGG2pLTuN6

    • Score

      1/10

    • Target

      Lumion 12 Pro/ini/libEGL.dll

    • Size

      203KB

    • MD5

      fee39269772633d85ad1ebf4d93611b3

    • SHA1

      915f067094dd1dd3dbe42f3acb53a8becb81b151

    • SHA256

      a974a768c54395a1f00ca5a690c86732ff82f82eec26faa3c4c87cd5322d513d

    • SHA512

      6dc1a70a86d4a3326c2fd8b0775312688c2cfeab7d16d6c4fabc3f6c6c4c0adf715369ac91691b23ed1a741953914b6739b2b050ee428ae963c3aa64c2aab00a

    • SSDEEP

      3072:K3yiHbZ85o+aolTx7H1TQOyRq3uBuUEj+0Y026O+bfEa:AHt87aolT9ahRq+IjZb8

    • Score

      1/10

    • Target

      Lumion 12 Pro/ini/libGLESv2.dll

    • Size

      1.6MB

    • MD5

      4314884d92572407e1af1ff1506685df

    • SHA1

      d6f616f0fc3aacc634375ad47a7b32a7ca96fb94

    • SHA256

      6279f0d902e3c9efeff5300eac138c7f2feb15bf4c0ac7297474ed80002aab42

    • SHA512

      ac22e5a97a82c1795c8930068d0abaec2260cf91f9fdd7b01114df40041e204e4555efe2ec627c4d534e699fdd130ee0966f8ef2567f366364b385aeed458878

    • SSDEEP

      49152:TR1FwEMvZmfYItCrDMw8KUD4KMX9+Kw31:hwLZmfYqsDv8KN+

    • Score

      1/10

    • Target

      Lumion 12 Pro/ini/nw.pak

    • Size

      5.5MB

    • MD5

      0b269e79caf87c9a46ae8c139fa66ff9

    • SHA1

      46dea2d9024a44289565588caa50d223fd140d4a

    • SHA256

      b93f146a82d39e06db62d4d52ff9629c4e380f81b119049e473516babe9bb338

    • SHA512

      c9d6e1e4bf3ce37186d531c70102ca1813b2387e40ad3804b3ad133c8aebe7eb56a2dd4ea02fa2cbbcfd754ece3ae993bbe54273dd6778999d221bc4f9fc1404

    • SSDEEP

      49152:9F6PwseuK3oSVvolWJAv5SfAo2G40FH7FSpXPWav2TU5cCI8IL/s1mF4//V1liwc:SVSfAL9vkWGGG2pLTuM6

    • Score

      1/10

    • Target

      Lumion 12 Pro/ock/ffmpegsumo.dll

    • Size

      991KB

    • MD5

      83d7e2b05e7fab09258f6763154ce1a2

    • SHA1

      bd80808b0a5b1e32cad270506ca89653a081f3a7

    • SHA256

      f0c4ff613908c0a7b6d3c893984bbd8d63ae21de32d01b45a706667aacff43c6

    • SHA512

      e15524a791118310745645f15c23cd6f8d004c946eb1d3aaea6ab4c4a1300762dad354d374b3bcd029fd30e9fcc54743ae8b4ccb76c7a26b92905de808c83302

    • SSDEEP

      24576:Ms58Z15Ngksc9s0a8wTMMwhmSAzL7aGZELDKPPTykTCO76:MQ2Zgksc9s0aBTMWCO

    • Score

      3/10
