Overview

Analysis tasks and scores (one task per sample and sandbox environment):

Static                                     score 1
Launcher.zip          windows7-x64         score 1
Launcher.zip          windows10-2004-x64   score 1
Launcher/INFO.txt     windows7-x64         score 1
Launcher/INFO.txt     windows10-2004-x64   score 1
Launcher/Opener.bat   windows7-x64         score 7
Launcher/Opener.bat   windows10-2004-x64   score 10
Launcher/zzen.zip     windows7-x64         score 1
Launcher/zzen.zip     windows10-2004-x64   score 1
bypasser              windows7-x64         score 1
bypasser              windows10-2004-x64   score 1
gpasser.cmd           windows7-x64         score 1
gpasser.cmd           windows10-2004-x64   score 1
ks.vbs                windows7-x64         score 1
ks.vbs                windows10-2004-x64   score 1

Overview score: 10/10 (driven by the Launcher/Opener.bat tasks)

General
Target: Launcher.zip
Size: 4KB
Sample: 221014-py5hnadea5
MD5: 605e7a0b57cfa97c820015b38861a6ae
SHA1: abe5bca85c0108a69fa95e6aa94ccc7fb1580fff
SHA256: 36c3824bee3a74e57b85384363df0c51bd36b6bf8f965d1ae09303fdb58cd382
SHA512: 16bc7792d0f2ced275ec5ecc90c5992ef00f34a82951e0e04bec59aa56793d740d1bbc57b81a3f215ef9deecfe4a757f278d437933a670b2be1c8ede8ae9bc95
SSDEEP: 96:du78u0EBrH/D4B2GnpZmQdr6z137cH9cG/6QM2:uRjB3oTpgQdrimiQM2
Static task: static1

Behavioral tasks (task, sample, sandbox resource):

behavioral1    Launcher.zip          win7-20220812-en
behavioral2    Launcher.zip          win10v2004-20220812-en
behavioral3    Launcher/INFO.txt     win7-20220812-en
behavioral4    Launcher/INFO.txt     win10v2004-20220812-en
behavioral5    Launcher/Opener.bat   win7-20220901-en
behavioral6    Launcher/Opener.bat   win10v2004-20220812-en
behavioral7    Launcher/zzen.zip     win7-20220812-en
behavioral8    Launcher/zzen.zip     win10v2004-20220901-en
behavioral9    bypasser              win7-20220901-en
behavioral10   bypasser              win10v2004-20220812-en
behavioral11   gpasser.cmd           win7-20220812-en
behavioral12   gpasser.cmd           win10v2004-20220812-en
behavioral13   ks.vbs                win7-20220812-en
behavioral14   ks.vbs                win10v2004-20220901-en
Malware Config

Three RedLine configurations were extracted, each with its own C2 endpoint and auth_value (the per-build token RedLine presents to its panel):

Extracted
Family: redline
Botnet: @moriwWs
C2: litrazalilibe.xyz:81
auth_value: c2f987b4e6cd55ad1315311e92563eca

Extracted
Family: redline
C2: 185.186.142.127:17355
auth_value: 2d7be1ed915f7e5f91af0977d4175cb7

Extracted
Family: redline
Botnet: h
C2: 185.106.92.139:16578
auth_value: d5aafe5ab67bae4a3f7cda3b2e30f9b7
Targets

Target: Launcher.zip
Size: 4KB
MD5: 605e7a0b57cfa97c820015b38861a6ae
SHA1: abe5bca85c0108a69fa95e6aa94ccc7fb1580fff
SHA256: 36c3824bee3a74e57b85384363df0c51bd36b6bf8f965d1ae09303fdb58cd382
SHA512: 16bc7792d0f2ced275ec5ecc90c5992ef00f34a82951e0e04bec59aa56793d740d1bbc57b81a3f215ef9deecfe4a757f278d437933a670b2be1c8ede8ae9bc95
SSDEEP: 96:du78u0EBrH/D4B2GnpZmQdr6z137cH9cG/6QM2:uRjB3oTpgQdrimiQM2
Score: 1/10
Target: Launcher/INFO.txt
Size: 3KB
MD5: ff5a8524d68dfeaa43817dd615fc978b
SHA1: d3e777906f9c8ef420a16dcea4df1b79bbdc9a45
SHA256: a17ed8a04c68bc3de4cc996feaf103babf9e2bd77f11af281d0fdaaa8075b994
SHA512: f3bbf7d83ce72d682f81b434a02a62018054c52426eff25ba2c513e0dafaaacd63bf2cb2714106453e2fee659354d38b17f6c6f3442d4779fe357e0c4677fc6d
Score: 1/10
Target: Launcher/Opener.bat
Size: 2KB
MD5: 8092113dbaa8ee234de6ee8039b7db66
SHA1: 6cdb65dd9e6aaa54a82ff3ac10e1b9b40bfc8e39
SHA256: 576e869202da1137de261ed1519ad0487331a69db5890b0746b5bf4d310d3992
SHA512: badfd71b652f9a3c91c690269e0ef36496998614a0d7c30bbbed8bebb163bac5590fed3188ae907829536cb96a008299ad63d6950ebb9623f927877f89197754
Score: 10/10

Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures triggered:
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
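Several of the signatures above (Downloads MZ/PE file, Executes dropped EXE, Adds Run key, Blocklisted process makes network request) are individually noisy, but as a chain rooted in a batch-file launch they are a strong signal. The script below is an added example, not part of the sandbox report: it correlates those behaviours over a constructed, Sysmon-style event set and contrasts the launcher chain with an ordinary installer download that hits most of the same events. The event shape, field names, file names, weights and alert threshold are all assumptions made for this example.

```python
"""Correlate the behaviours flagged for Launcher/Opener.bat above into one
endpoint detection.

Added example, not part of the sandbox report. The events are constructed
and use a simplified Sysmon-style shape (ID 1 process create, 11 file
create, 13 registry value set, 3 network connect); the field names, weights
and threshold are assumptions made for this example.
"""
import re
from collections import defaultdict

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Temp)\\", re.IGNORECASE
)
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}

# Assumed weights: executing a freshly dropped EXE carries most, because it is
# the one step a batch-file launcher cannot skip.
WEIGHTS = {
    "executes dropped exe": 3,
    "launched from script host": 2,
    "adds run key": 2,
    "run key points to user-writable path": 1,
    "network request": 1,
}

# Constructed events. pids 100-102: a batch launcher chain like Opener.bat's.
# pids 199-201: a browser download of an ordinary installer, for contrast.
EVENTS = [
    {"id": 1, "pid": 100, "ppid": 40, "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 1, "pid": 101, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": 11, "pid": 101, "target": r"C:\Users\bob\AppData\Local\Temp\payload.exe"},
    {"id": 1, "pid": 102, "ppid": 101, "image": r"C:\Users\bob\AppData\Local\Temp\payload.exe"},
    {"id": 13, "pid": 102,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\payload",
     "details": r"C:\Users\bob\AppData\Local\Temp\payload.exe"},
    {"id": 3, "pid": 102, "dst": "185.186.142.127", "dport": 17355},
    {"id": 1, "pid": 199, "ppid": 40, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"id": 11, "pid": 199, "target": r"C:\Users\bob\Downloads\setup.exe"},
    {"id": 1, "pid": 200, "ppid": 40, "image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 201, "ppid": 200, "image": r"C:\Users\bob\Downloads\setup.exe"},
    {"id": 13, "pid": 201,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Program Files\Vendor\updater.exe"},
    {"id": 3, "pid": 201, "dst": "203.0.113.10", "dport": 443},
]


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _ancestors(procs, pid):
    """Walk parent links from pid's parent upward; stop at unknown pids or a cycle."""
    seen = set()
    pid = procs[pid]["ppid"] if pid in procs else None
    while pid in procs and pid not in seen:
        seen.add(pid)
        yield procs[pid]
        pid = procs[pid]["ppid"]


def score_processes(events):
    """Return {pid: (score, sorted behaviours)} for every process that showed
    at least one flagged behaviour."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    dropped = {e["target"].lower() for e in events if e["id"] == 11}
    found = defaultdict(set)
    for e in events:
        pid = e["pid"]
        if e["id"] == 1:
            if e["image"].lower() in dropped and USER_WRITABLE_RE.search(e["image"]):
                found[pid].add("executes dropped exe")
        elif e["id"] == 13 and RUN_KEY_RE.search(e["target"]):
            found[pid].add("adds run key")
            if USER_WRITABLE_RE.search(e.get("details", "")):
                found[pid].add("run key points to user-writable path")
        elif e["id"] == 3:
            found[pid].add("network request")
    for pid, behaviours in found.items():
        if any(_basename(p["image"]) in SCRIPT_HOSTS for p in _ancestors(procs, pid)):
            behaviours.add("launched from script host")
    return {pid: (sum(WEIGHTS[b] for b in bs), sorted(bs)) for pid, bs in found.items()}


def alerts(events, threshold=7):
    """Processes whose combined score reaches the (assumed) threshold."""
    return [(pid, score, behaviours)
            for pid, (score, behaviours) in sorted(score_processes(events).items())
            if score >= threshold]


if __name__ == "__main__":
    for pid, score, behaviours in alerts(EVENTS):
        print(f"pid {pid} score {score}: {', '.join(behaviours)}")
```

With these weights the launcher chain scores 9 and the installer 6: the installer also executes a dropped EXE, writes a Run key and talks to the network, so the script-host parent and a Run entry pointing into a user-writable directory are what separate the two. Two caveats for real deployments: key the correlation on a process GUID rather than a pid, since pids are reused; and Sysmon records registry writes but not reads, so the geofence lookup behind "Checks computer location settings" is only visible in an API-level trace like the sandbox's, not in this kind of telemetry.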
Target: Launcher/zzen.dll
Size: 1KB
MD5: 9a9927c76bf5cb5d9bb169ff194d00c3
SHA1: b9d8ac8b972e79e64d4b86a286ea91bfa58f3c16
SHA256: 9c545fe8f7cfb23deeba66742d404f40476b07df7c5dc0c19bb25b80da670be6
SHA512: 266319dde44d695eb4bd2c0d96b3fbe46e1705139e48740ea6a457b5de2ddf8eda4f1e84e6e2ebaea0c4969492aab5e918296e6e6260dce08f22acbbe14df1db
Score: 1/10
Target: bypasser
Size: 284B
MD5: 750d2d6e6d90d6ee0cbd3c28e2707a8c
SHA1: d5ded609bdd6bf159f933bdc2fb0dd35f9025a45
SHA256: f474dc2ec8e6751f98af5d622c9aa45198c82f92974c586e90dd965b4e34d4d9
SHA512: 3c9a625a2bdcb5dfbe1c39f21f5264632875fc4998bcdadd4e1ec93d8b7431c11c58ddba873cfa0b684169b7b71856fa3ecf30eb0e3fbccd4105c70ffcdef16f
Score: 1/10
Target: gpasser.cmd
Size: 1001B
MD5: 2383324af89f82aa98bb362b0e91f0fc
SHA1: 7f3d00c4294b9e4a3a0ea0ebe20715f72e771e64
SHA256: 5c0e11041b868a1d066e8bb8d938ba4f567891d5753321d0f70a8b2ca0371585
SHA512: c673f86c5fa55388e72584f9d234e8ab64a918092d470bb73cd7f0f38226808bd75aeb0e014b9f7077538a546a4f2a52317f95c4414b16e66e8788b25388300b
Score: 1/10
Target: ks.avi
Size: 1KB
MD5: f0c204bc611408d8df61ad55b780cc93
SHA1: 59247bf13acae45fffe83101baa6dd2ce8f4decc
SHA256: 62042952515a52cf38f41b2e5e8f3ab59fc690f9a42658720bff56507ab2add2
SHA512: 4903874af4067763bef67c32d0da1fe60990b266c850aee5684b9bc8e9d5e7869ac6bb9ba812b2e6f450673c24ebb46e14547ff283b4cb31b114ee36b7dfb356
Score: 1/10