redline | 61d524d5e2174ccf68635a5735c8e8084e3bbd605d23c5d14b2d93d5eaa49fce | Triage

Sharing

General

Target

RustMacros.rar
Size

838KB
Sample

230226-r7251aha6y
MD5

e89c0e41cafceb36823d2e84e98dfda2
SHA1

7fc66ce01dbde5055e4e1612a2cc0d45e4cec256
SHA256

61d524d5e2174ccf68635a5735c8e8084e3bbd605d23c5d14b2d93d5eaa49fce
SHA512

09b2bb45f36d1d62e7beb311109b7e06ffa82d7933fc08f18f56c504f8f1b03fc126c88db95539f52b0a2b13d5eb03b8186153557a6d2df7dc1365851afb053d
SSDEEP

12288:MzloK8TSNftHFUB4lFOQBpoNN9w21ybz2poVFtxLilKvf44AFbxTDUaV8WbAj8pw:Mz6KgI5aB4LRBpQwT2qxLilWPwDtbAj

Score

10^/10

redline zingo infostealer spyware stealer trojan

Malware Config

Extracted

Family

redline

C2

185.215.113.69:15544

Attributes

auth_value
f8c95622a8bfe9810b6eb4a895933422

Targets

- Target
  
  RustMacros.exe
- Size
  
  433KB
- MD5
  
  41789be9f31e23d811d63f299213388c
- SHA1
  
  1ccc532526400d86c23a52f557b0b2658aa48244
- SHA256
  
  92c1262450cc6e53470e4aca37d4eaec1ffb55b1238883579ab3a76b5fbb7200
- SHA512
  
  3caec597f92887fe3ef0ef181d905096393896ead982a2b3b47019707dc5d65036956ce46c3c3fed8befe978ab937f23cc7097f8be49d2bdb73f873917184f59
- SSDEEP
  
  12288:1hqxSLo5C1Ps4XhH+trp8PkFs/yYXKvcgQ:1HLmCiIhmRFs5XKnQ
Score

10^/10

redline zingo infostealer spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Zingo stealer
  Zingo is an info stealer first seen in March 2022.
  stealer trojan zingo
- Zingo stealer payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  adblib32.dll
- Size
  
  672KB
- MD5
  
  22406724020c56b6e811183d1adcf814
- SHA1
  
  df52dd2b19572d66fb2f01a28ea67d26b1e3e909
- SHA256
  
  141bf90fa9fa40c37580ed13f24dcf495b87004dffc985967c068ee2d81f3d11
- SHA512
  
  8a389202fcb9e0d7b80f6ac0b55bf117a458afeaba67b1c55fbf8586150b8bbc413464ee354b37608be9c92f5c6d6b32901dbba91a573288fc4effe5c265ecca
- SSDEEP
  
  6144:/qrjPneNWKeJanfd63dZ9AFrEV/Wa0CsgesAFEL8iD0LaT7HNaOVql+9rUpz6tuG:/kjPeNWK1E9AFE0sJn2GTVtmMey
Score

1^/10
behavioral3 behavioral4
- Target
  
  libquadmath-0.dll
- Size
  
  309KB
- MD5
  
  3354b9256750a6b7d97ba30b4ad00717
- SHA1
  
  e518b655c83985cc607f624addbc8cb61f8faead
- SHA256
  
  b543942b4484d49b95f0ef72399e6ddbf49c7be54024af1e7d6001136a9145e6
- SHA512
  
  fb086f26cd0c1c92f012819ccdd045cc4b7d84ba1bdd5cf5665ebf11172f49e712ffe5a354872a24715978955ec9ff7e14c730df4f917502e5533a3ebcb105fc
- SSDEEP
  
  6144:UiMcnBcqngoBLqQiQZN9oal0+wbQXIqPP63I8MxpJIpe9aglmBiyRVRFjld:UidqwiQZN9oal0+wMZR8MxpxllyRVTj/
Score

3^/10
behavioral5 behavioral6
- Target
  
  unrar.dll
- Size
  
  174KB
- MD5
  
  8cdc0717d3537b71b5447ef9ca930eb1
- SHA1
  
  ffc2a3b6a5181229cbda79618a3c928f255b94c0
- SHA256
  
  67bb09a734979e5a7e25483ff903172f05e404476f792917a1c72701e860aa93
- SHA512
  
  41c2e581fdbf30bc8f71307f3b913255e72021f7f3d6d5170c5cfee72f294b0e90788e51fc201412c5fb1ad4f4d60651e4cbee7e1d9a8d0b1828a505a6697aec
- SSDEEP
  
  3072:vhRF1wud2QLHWZas7Ix5vepjXVJGK/ocNmg26jwwDhWifoaW5m9LMDuI:JRF1td2QL2Zask/qsK/ocl2A39x9uuI
Score

3^/10
behavioral7 behavioral8
- Target
  
  xca.dll
- Size
  
  192KB
- MD5
  
  1f9e9fca55ab31f623f9a80d838fc1ef
- SHA1
  
  e62e2716c16ccaa826444c9df599e5eabf1d0228
- SHA256
  
  83d0ffd178ced9a19186d3702ca530ce2a8c008cfd5d67cf4dd10351416f7eaa
- SHA512
  
  c8d835b49bb56fbaeb6805dbb8e28bdf0b240115de1350bd10bd8d79a9a7718601f682def7194549bb9edf81042e65ef4b887e49b0bdd72f23d3503e709ccac1
- SSDEEP
  
  3072:412QOopvfcJSXAQ4qdhHBdxFF/NlXORee+tZVKfHCv:4zOwfcJp9Sjh7evcSfi
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinezingoinfostealerspywarestealertrojan

behavioral2

redlinezingoinfostealerspywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10