General

  • Target: RustMacros.rar
  • Size: 838KB
  • Sample: 230226-r7251aha6y
  • MD5: e89c0e41cafceb36823d2e84e98dfda2
  • SHA1: 7fc66ce01dbde5055e4e1612a2cc0d45e4cec256
  • SHA256: 61d524d5e2174ccf68635a5735c8e8084e3bbd605d23c5d14b2d93d5eaa49fce
  • SHA512: 09b2bb45f36d1d62e7beb311109b7e06ffa82d7933fc08f18f56c504f8f1b03fc126c88db95539f52b0a2b13d5eb03b8186153557a6d2df7dc1365851afb053d
  • SSDEEP: 12288:MzloK8TSNftHFUB4lFOQBpoNN9w21ybz2poVFtxLilKvf44AFbxTDUaV8WbAj8pw:Mz6KgI5aB4LRBpQwT2qxLilWPwDtbAj

Malware Config

Extracted

  • Family: redline
  • C2: 185.215.113.69:15544
  • Attributes
    • auth_value: f8c95622a8bfe9810b6eb4a895933422

Targets

    • Target: RustMacros.exe
    • Size: 433KB
    • MD5: 41789be9f31e23d811d63f299213388c
    • SHA1: 1ccc532526400d86c23a52f557b0b2658aa48244
    • SHA256: 92c1262450cc6e53470e4aca37d4eaec1ffb55b1238883579ab3a76b5fbb7200
    • SHA512: 3caec597f92887fe3ef0ef181d905096393896ead982a2b3b47019707dc5d65036956ce46c3c3fed8befe978ab937f23cc7097f8be49d2bdb73f873917184f59
    • SSDEEP: 12288:1hqxSLo5C1Ps4XhH+trp8PkFs/yYXKvcgQ:1HLmCiIhmRFs5XKnQ

    Signatures

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Zingo stealer: Zingo is an info stealer first seen in March 2022.
    • Zingo stealer payload
    • Downloads MZ/PE file
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

    • Target: adblib32.dll
    • Size: 672KB
    • MD5: 22406724020c56b6e811183d1adcf814
    • SHA1: df52dd2b19572d66fb2f01a28ea67d26b1e3e909
    • SHA256: 141bf90fa9fa40c37580ed13f24dcf495b87004dffc985967c068ee2d81f3d11
    • SHA512: 8a389202fcb9e0d7b80f6ac0b55bf117a458afeaba67b1c55fbf8586150b8bbc413464ee354b37608be9c92f5c6d6b32901dbba91a573288fc4effe5c265ecca
    • SSDEEP: 6144:/qrjPneNWKeJanfd63dZ9AFrEV/Wa0CsgesAFEL8iD0LaT7HNaOVql+9rUpz6tuG:/kjPeNWK1E9AFE0sJn2GTVtmMey
    • Score: 1/10

    • Target: libquadmath-0.dll
    • Size: 309KB
    • MD5: 3354b9256750a6b7d97ba30b4ad00717
    • SHA1: e518b655c83985cc607f624addbc8cb61f8faead
    • SHA256: b543942b4484d49b95f0ef72399e6ddbf49c7be54024af1e7d6001136a9145e6
    • SHA512: fb086f26cd0c1c92f012819ccdd045cc4b7d84ba1bdd5cf5665ebf11172f49e712ffe5a354872a24715978955ec9ff7e14c730df4f917502e5533a3ebcb105fc
    • SSDEEP: 6144:UiMcnBcqngoBLqQiQZN9oal0+wbQXIqPP63I8MxpJIpe9aglmBiyRVRFjld:UidqwiQZN9oal0+wMZR8MxpxllyRVTj/
    • Score: 3/10

    • Target: unrar.dll
    • Size: 174KB
    • MD5: 8cdc0717d3537b71b5447ef9ca930eb1
    • SHA1: ffc2a3b6a5181229cbda79618a3c928f255b94c0
    • SHA256: 67bb09a734979e5a7e25483ff903172f05e404476f792917a1c72701e860aa93
    • SHA512: 41c2e581fdbf30bc8f71307f3b913255e72021f7f3d6d5170c5cfee72f294b0e90788e51fc201412c5fb1ad4f4d60651e4cbee7e1d9a8d0b1828a505a6697aec
    • SSDEEP: 3072:vhRF1wud2QLHWZas7Ix5vepjXVJGK/ocNmg26jwwDhWifoaW5m9LMDuI:JRF1td2QL2Zask/qsK/ocl2A39x9uuI
    • Score: 3/10

    • Target: xca.dll
    • Size: 192KB
    • MD5: 1f9e9fca55ab31f623f9a80d838fc1ef
    • SHA1: e62e2716c16ccaa826444c9df599e5eabf1d0228
    • SHA256: 83d0ffd178ced9a19186d3702ca530ce2a8c008cfd5d67cf4dd10351416f7eaa
    • SHA512: c8d835b49bb56fbaeb6805dbb8e28bdf0b240115de1350bd10bd8d79a9a7718601f682def7194549bb9edf81042e65ef4b887e49b0bdd72f23d3503e709ccac1
    • SSDEEP: 3072:412QOopvfcJSXAQ4qdhHBdxFF/NlXORee+tZVKfHCv:4zOwfcJp9Sjh7evcSfi
    • Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion
  • T1130 Install Root Certificate: 1
  • T1112 Modify Registry: 1

Credential Access
  • T1081 Credentials in Files: 2

Discovery
  • T1012 Query Registry: 2
  • T1082 System Information Discovery: 3

Collection
  • T1005 Data from Local System: 2

Tasks