General
-
Target
niga.exe
-
Size
69KB
-
Sample
230409-wf5h9scc37
-
MD5
78cfee5877e0dc8298c063852d986fce
-
SHA1
772af76ebad5d0a9b186b88bfe248d137587ab42
-
SHA256
48d2deb6157a8365171fb07e8b41e1cb2ae6a2757f30814d8501c231484a4077
-
SHA512
c002c1d88a3dbc72190e22bb0ebf3f502a8126b43704c083f114add555707a4b0c480e0af8b4edd9a1043137f9e5c4e33a6d8dcd84de716bebc932bb38a20f85
-
SSDEEP
1536:VMHzzWTpYHzC8tIi0HchALTvbsbvA3teOWTkuLPZ9b3mrcxug0ZdRaEX1iNyaF97:VMHHWTpYHzC8t5aceLTAbvcwkWR9bPuI
Behavioral task
behavioral1
Sample
niga.exe
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
niga.exe
Resource
win7-20230220-en
Malware Config
Extracted
njrat
Platinum
HacKed
127.0.0.1:31440
win64.exe
-
reg_key
win64.exe
-
splitter
|Ghost|
Targets
-
-
Target
niga.exe
-
Size
69KB
-
MD5
78cfee5877e0dc8298c063852d986fce
-
SHA1
772af76ebad5d0a9b186b88bfe248d137587ab42
-
SHA256
48d2deb6157a8365171fb07e8b41e1cb2ae6a2757f30814d8501c231484a4077
-
SHA512
c002c1d88a3dbc72190e22bb0ebf3f502a8126b43704c083f114add555707a4b0c480e0af8b4edd9a1043137f9e5c4e33a6d8dcd84de716bebc932bb38a20f85
-
SSDEEP
1536:VMHzzWTpYHzC8tIi0HchALTvbsbvA3teOWTkuLPZ9b3mrcxug0ZdRaEX1iNyaF97:VMHHWTpYHzC8t5aceLTAbvcwkWR9bPuI
-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-