Resubmissions

14/10/2023, 19:28

231014-x6t1wsaa6s 5

04/05/2023, 21:24

230504-z8572sfc73 10

26/01/2023, 23:34

230126-3kdpnshb9s 10

General

  • Target

    Thunderstore Mod Manager - Installer.exe

  • Size

    1.2MB

  • Sample

    230126-3kdpnshb9s

  • MD5

    6c23ecd69435865b6dd351615cd6500d

  • SHA1

    51dd99b4e54e45b58ba191fdc00c11f9c55170a1

  • SHA256

    d10975f941a3a56260eff21a05ecf16747b1c2d24874ea2e1a1e0d9cdb6cf718

  • SHA512

    7baaa53b677119044f745bd41cef04585845be8297a2de8a8efad68836797ec80d0abdb7fdbf1757854600173928e38fefc8e0bd304cdf666f9f93e719fd213d

  • SSDEEP

    24576:OCV5S21Y01vY5BU30tEOqb0s6vD3lLEbBUYSQLB++01OqQT/RUcnhlh:5V5vj1vY5q3sEGlL1ypR+HGRUchD

Malware Config

Targets

    • Target

      Thunderstore Mod Manager - Installer.exe

    • Size

      1.2MB

    • MD5

      6c23ecd69435865b6dd351615cd6500d

    • SHA1

      51dd99b4e54e45b58ba191fdc00c11f9c55170a1

    • SHA256

      d10975f941a3a56260eff21a05ecf16747b1c2d24874ea2e1a1e0d9cdb6cf718

    • SHA512

      7baaa53b677119044f745bd41cef04585845be8297a2de8a8efad68836797ec80d0abdb7fdbf1757854600173928e38fefc8e0bd304cdf666f9f93e719fd213d

    • SSDEEP

      24576:OCV5S21Y01vY5BU30tEOqb0s6vD3lLEbBUYSQLB++01OqQT/RUcnhlh:5V5vj1vY5q3sEGlL1ypR+HGRUchD

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Registers COM server for autorun

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks