Overview

overview

10

Static

static

10

Redline St....2.exe

windows10-1703-x64

10

Redline St...ck.exe

windows10-1703-x64

10

Redline St...db.dll

windows10-1703-x64

1

Redline St...db.dll

windows10-1703-x64

1

Redline St...ks.dll

windows10-1703-x64

1

Redline St...il.dll

windows10-1703-x64

1

Redline St...ub.exe

windows10-1703-x64

10

Redline St...st.exe

windows10-1703-x64

10

Redline St...CF.dll

windows10-1703-x64

1

Redline St....2.exe

windows10-1703-x64

10

Redline St...er.exe

windows10-1703-x64

10

Redline St....2.exe

windows10-1703-x64

10

Redline St...xe.xml

windows10-1703-x64

1

Redline St...ck.exe

windows10-1703-x64

10

Redline St...).docx

windows10-1703-x64

1

Redline St...).docx

windows10-1703-x64

1

Redline St....2.exe

windows10-1703-x64

10

Redline St...el.exe

windows10-1703-x64

10

Redline St....2.exe

windows10-1703-x64

10

Redline St...ck.exe

windows10-1703-x64

10

Redline St...me.exe

windows10-1703-x64

8

Redline St...48.exe

windows10-1703-x64

7

Redline St...ar.exe

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Redline Stealer v24.2 cracked [XT_CH].rar

  • Size

    21.8MB

  • Sample

    230424-s32jcaee51

  • MD5

    64699e499ebd8ed101b0566e4d2aeec3

  • SHA1

    ab17ac5da9b6b51a0e83bc1c71bc807ff8e2bfa3

  • SHA256

    f414e4465043ddc7e7d558b341d2fefaf62a379d8107c7bc7b39a3d3f4c55b56

  • SHA512

    2afbe5af840383fcc4ab7ce3b8ee25023b4f2074bcf6b68890fbeeca52553f7c3e0411cbecd2a7748389f7202c167cea4022b6ff551626a552f05e7942e1ef8e

  • SSDEEP

    393216:4MVV0yWlp/sEvKWVm68FV3rOBZybyWKXzR8+5Vtck00:4U0yWb/sEvKWVm6k3rOBEmWkm1K

Score
10/10
asyncratpandastealerredlinesectopratstormkittydefaultdiscoveryinfostealerpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6093966625:AAHk4dddHb8B1faCcFqL3um1gmB-f2mWhyc/sendMessage?chat_id=5529838804
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Extracted

Family

pandastealer

Version

1.11

C2

http://thisisgenk.temp.swtest.ru

Extracted

Family

pandastealer

Version

�

C2

http://�

Extracted

Family

pandastealer

Version

��H

C2

http://�H

Targets

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/Kurome.Builder v24.2.exe

    • Size

      170KB

    • MD5

      470a8267b5eba7eb998d9fa69532f849

    • SHA1

      1152ddb2ab93aae9983e3e8b5c4f367875323e3e

    • SHA256

      6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e

    • SHA512

      5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d

    • SSDEEP

      3072:O+STW8djpN6izj8mZwHQiWZqswqIPu/i9b+J2cOZTMi56+WpL:z8XN6W8mmdUwXPSi9b2c3

    Score
    10/10
    asyncratstormkittydefaultratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/Kurome.Builder_crack.exe

    • Size

      13.4MB

    • MD5

      ef176d75dff0768b2277cf9b4b7bf443

    • SHA1

      c981e9ba720366c3167cc92584bc7e86fe114d69

    • SHA256

      8d9bef7ae2d1334f6bdf7d7db3ee34da759c23f76c1623930425345787437e4c

    • SHA512

      67200dbb3dccb5207491b542059d236a9f1ab2d644151a3e3ba4c873636fb4ea564fabb8bdecbbdad677e0420d3d9e2b5057985c8d7162ffd5958f421893d9fb

    • SSDEEP

      393216:qm4pYqfmQvJzX0KIBJfrQaVjgF1vlKdV6/zEC55891:qxpYqfmYzAVjgF1vl+ud5U1

    Score
    10/10
    pandastealerspywarestealer

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

      stealerpandastealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral2

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/Mono.Cecil.Mdb.dll

    • Size

      42KB

    • MD5

      1c6aca0f1b1fa1661fc1e43c79334f7c

    • SHA1

      ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d

    • SHA256

      411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b

    • SHA512

      1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76

    • SSDEEP

      768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS

    Score
    1/10
    behavioral3

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/Mono.Cecil.Pdb.dll

    • Size

      87KB

    • MD5

      6d5eb860c2be5dbeb470e7d3f3e7dda4

    • SHA1

      80c76660b87c52127b1a7da48e27700f75362041

    • SHA256

      447ede1984bb4acd73bd97c0ec57a11c079cee8301c91fb199ca98c1906d3cc4

    • SHA512

      64cf4fe7de68a35720d2b9338ba9cf182e127d95d72d2ccf7ff5c73a368133663e70c988a460825fa87b2d03717a4447948d5262f56aceb7c3bf1cb3ab5a41a5

    • SSDEEP

      1536:2OCAsdBo+am5OMwr5IlALYKXgAJGsZhTjrjvjCXeO:ZCjta0OMuIlArVJGqT/jveXeO

    Score
    1/10
    behavioral4

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/Mono.Cecil.Rocks.dll

    • Size

      27KB

    • MD5

      6e7f0f4fff6c49e3f66127c23b7f1a53

    • SHA1

      14a529f8c7ee9f002d1e93dcf8ff158ab74c7e1a

    • SHA256

      2e2623319bdc362974a78ea4a43f4893011ec257884d24267f4594142fcd436e

    • SHA512

      0c773da6717dd6919cd6241d3cee26ab00bb61ea2dbeff24844a067af4c87ff5cbdb2fe3ada5db4707cee921b3fb353bd12ee22b8490597d4f67ad39bace235e

    • SSDEEP

      384:70ve8JOuJ5iC7n2NwxEXCni+VXcMeDz8PmR1ugLoaeuLMBG9UphJAprjE3uFLHa9:7+m4iCyrXOhG8uRssveum1pMFLHFBvd

    Score
    1/10
    behavioral5

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/Mono.Cecil.dll

    • Size

      350KB

    • MD5

      de69bb29d6a9dfb615a90df3580d63b1

    • SHA1

      74446b4dcc146ce61e5216bf7efac186adf7849b

    • SHA256

      f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

    • SHA512

      6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

    • SSDEEP

      6144:jIevdbLPNYe8bikm98KXPHhOWY/fFREomhUFD3z:se1PNL+QRfBg/f/EWFD

    Score
    1/10
    behavioral6

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Builder/stub.dll

    • Size

      96KB

    • MD5

      625ed01fd1f2dc43b3c2492956fddc68

    • SHA1

      48461ef33711d0080d7c520f79a0ec540bda6254

    • SHA256

      6824c2c92eb7cee929f9c6b91e75c8c1fc3bfe80495eba4fa27118d40ad82b2b

    • SHA512

      1889c7cee50092fe7a66469eb255b4013624615bac3a9579c4287bf870310bdc9018b0991f0ad7a9227c79c9bd08fd0c6fc7ebe97f21c16b7c06236f3755a665

    • SSDEEP

      1536:9G6ijoigzKqO1RUTBHQsu/0igR4vYVVlmbfaxv0ujXyyedOn4iwEEl:BSElHQ/ORUYos0ujyzdZl

    Score
    10/10
    redlinesectopratinfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    behavioral7

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Host/Kurome.Host.exe

    • Size

      1.4MB

    • MD5

      b141f114ecbfd918e995d5b40cc4309a

    • SHA1

      403ed39ba990caf4fc82672257875e58ed3a9c3f

    • SHA256

      c11a53f5cdd9d41b754e8cdb8132b7c13f224359302dbb8a4bd9502271feafbe

    • SHA512

      9f2fcef0f8d330d3d7615e642b351bb53da4679df64ee6cc937dd50cdbb318afecca2b56ad2b2a93a9cd6ae41d8e3dfcbc5f876c83f88ec13bc9cef49448315b

    • SSDEEP

      24576:loJEKZ6IEGTMxapRl2PSwHTehy6BP+pXShToJEKZ6IEGTMxapRl2PSwHTehy6BPk:louKZ6iMqRl2PSwzehy6cpXShTouKZ6x

    Score
    10/10
    pandastealerspywarestealer

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

      stealerpandastealer

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral8

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Host/Kurome.WCF.dll

    • Size

      123KB

    • MD5

      e3d39e30e0cdb76a939905da91fe72c8

    • SHA1

      433fc7dc929380625c8a6077d3a697e22db8ed14

    • SHA256

      4bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74

    • SHA512

      9bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8

    • SSDEEP

      3072:9mWO8dR1mB5UzPU7vdTm8pLetBD0PQbP1:g2dL8ewbJnpBe

    Score
    1/10
    behavioral9

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/._cache_Kurome Loader 20.2.exe

    • Size

      170KB

    • MD5

      470a8267b5eba7eb998d9fa69532f849

    • SHA1

      1152ddb2ab93aae9983e3e8b5c4f367875323e3e

    • SHA256

      6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e

    • SHA512

      5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d

    • SSDEEP

      3072:O+STW8djpN6izj8mZwHQiWZqswqIPu/i9b+J2cOZTMi56+WpL:z8XN6W8mmdUwXPSi9b2c3

    Score
    10/10
    asyncratstormkittydefaultratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral10

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/._cache_KuromeLoader.exe.exe

    • Size

      2.2MB

    • MD5

      c1bf694a0aab442c2b3d40ec4f56ace5

    • SHA1

      2ea6ef48ac190a26a738e22ad454b91fc58d3218

    • SHA256

      00ae4b11e9757721ff825a6d84e0afefb810ce0e062c836503ca14141ca31a39

    • SHA512

      d8386440e89c1ae538f53bb5a9ee4d8030b6067eb1c6d18fadd118e88d506e11343c0f3cd58bc2636739ade87aef821e2513f0aa8a760bd9787a07a49a48c610

    • SSDEEP

      49152:rnsHyjtk2MYC5GDeCouKZ6iMqRl2PSwzehy6cpXShTouKZ6iMqRl2PSwzehy6cpu:rnsmtk2a9UzehkUzehz

    Score
    10/10
    asyncratpandastealerstormkittyratstealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

      stealerpandastealer

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat
    behavioral11

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/Kurome Loader 24.2.exe

    • Size

      923KB

    • MD5

      ad5e1454eb96c012755dcab90cfd69cf

    • SHA1

      17f93458b223542eed1c269d9c64b8c39341b1cd

    • SHA256

      726725262283f68ec3e3f62d13863c7df9b08f54e19c28603407d98631468494

    • SHA512

      1f503e6619ff5cd87838b4618400ae54c24d5f618813cfd8ce7ecdd53f25d74186dda096a1a2ab49848184e22137c05de0fbf010a0ccc9adcc5b58e727da1d46

    • SSDEEP

      12288:0MSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Z0N6qsUwXPDgj:0nsJ39LyjbJkQFMhmC+6GD9UaE

    Score
    10/10
    asyncratstormkittydefaultpersistenceratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral12

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/Kurome.Loader.exe.config

    • Size

      186B

    • MD5

      9070d769fd43fb9def7e9954fba4c033

    • SHA1

      de4699cdf9ad03aef060470c856f44d3faa7ea7f

    • SHA256

      cbaf2ae95b1133026c58ab6362af2f7fb2a1871d7ad58b87bd73137598228d9b

    • SHA512

      170028b66c5d2db2b8c90105b77b0b691bf9528dc9f07d4b3983d93e9e37ea1154095aaf264fb8b5e67c167239697337cc9e585e87ef35faa65a969cac1aa518

    Score
    1/10
    behavioral13

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Kurome.Loader/Kurome.Loader_crack.exe

    • Size

      1.4MB

    • MD5

      caeeb7b39d19fb9ae4209d5b82580454

    • SHA1

      5e8e38685c130250b1e6a132302549be4e1a1952

    • SHA256

      d94103367cd58a86f60f0f1560084fb30e3fe137f03eb8a49adf600d31dfacf5

    • SHA512

      6093ea192a677d7632b0f716dcf7a051e1f055334deb9d56acb4f921d08eadfa79ef58477400328a9e3ee6e64043d15c658c4b335cc2f9b6f91a44ce8dd4b46c

    • SSDEEP

      24576:/oJEKZ6IEGTMxapRl2PSwHTehy6BP+pXShToJEKZ6IEGTMxapRl2PSwHTehy6BPF:/ouKZ6iMqRl2PSwzehy6cpXShTouKZ6E

    Score
    10/10
    pandastealerspywarestealer

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

      stealerpandastealer

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral14

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/FAQ (English).docx

    • Size

      30KB

    • MD5

      a973ea85439ddfe86379d47e19da4dca

    • SHA1

      78f60711360ddd46849d128e7a5d1b68b1d43f9f

    • SHA256

      c197833a3fd69e98fbf2b02e9da232ff2867e1e684d420fd3975188c0e0e202b

    • SHA512

      4a3fad33cccb15ea2d98bc30141744ba6709afec52d429ac0916aa656f4b611fdeda4b37812f0a72b90de000fc5c0f95bb445e5df67fc4ba6f93de5ce55df510

    • SSDEEP

      768:oi87zWNuZn3IZElFoL+goT2Ir9259IQ+409:oi8mQnXFoigoRr9aIvX9

    Score
    1/10
    behavioral15

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/FAQ(RUS).docx

    • Size

      51KB

    • MD5

      aa9534a22d08fb17b6c50164ca226aba

    • SHA1

      9d68e6e4b0ea3c41ad7f70733dc53628962765ce

    • SHA256

      e3f9590d0a28e8f17d40f9a5a5489a963c6d5e722a324adf0d1d666ea424c89f

    • SHA512

      a4290cf0f3ecbb25078a0d3f870ed6abcab83d831e107f59730cf5fbdbc0268ac831d8f31f18a08794e27e51ba302ecb5bdd4bac85f3887844ed881c363bb8b9

    • SSDEEP

      1536:YmF2FkS3yM0Yj3ePetyogAcLrANZLI3dakgXeV:YNFkGem74Lr+k3v7V

    Score
    1/10
    behavioral16

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Panel/._cache_Panel 20.2.exe

    • Size

      170KB

    • MD5

      470a8267b5eba7eb998d9fa69532f849

    • SHA1

      1152ddb2ab93aae9983e3e8b5c4f367875323e3e

    • SHA256

      6cdb8d1af85d10ed3022ae0a183e3e9dff0ad1bc4a90915e7e41b600154a349e

    • SHA512

      5f151230dc97e0804cbe7b36ce9a4570023bdaf0283ae2681732a835c26e540ec93f9c56cd78599c8deeeaed10b2b50f9c976c85ad95d4e36460e05083f7048d

    • SSDEEP

      3072:O+STW8djpN6izj8mZwHQiWZqswqIPu/i9b+J2cOZTMi56+WpL:z8XN6W8mmdUwXPSi9b2c3

    Score
    10/10
    asyncratstormkittydefaultratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral17

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Panel/._cache_Panel.exe

    • Size

      1.1MB

    • MD5

      9484745bead43302d149113d418a3437

    • SHA1

      f28cdeb7daefa5be6d324a6c99cbb07a00f1b174

    • SHA256

      95b632d09117daa3bd75c70db03a128e222b7e78e0415d4a5ddb1f8664320e32

    • SHA512

      e07b57f95e7794dea137bb4d1517ccbf68c7327941096522f5d5bf5962e340f0a3d0431351c13fa8606e8c48532dcbdf31be364581287edc1ce9dfe4abdae449

    • SSDEEP

      12288:BMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9aN6qsUwXPDt4IN6qsUwXY:BnsJ39LyjbJkQFMhmC+6GD9YaJFawJ

    Score
    10/10
    asyncratstormkittyratstealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat
    behavioral18

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Panel/Panel 24.2.exe

    • Size

      923KB

    • MD5

      ad5e1454eb96c012755dcab90cfd69cf

    • SHA1

      17f93458b223542eed1c269d9c64b8c39341b1cd

    • SHA256

      726725262283f68ec3e3f62d13863c7df9b08f54e19c28603407d98631468494

    • SHA512

      1f503e6619ff5cd87838b4618400ae54c24d5f618813cfd8ce7ecdd53f25d74186dda096a1a2ab49848184e22137c05de0fbf010a0ccc9adcc5b58e727da1d46

    • SSDEEP

      12288:0MSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9Z0N6qsUwXPDgj:0nsJ39LyjbJkQFMhmC+6GD9UaE

    Score
    10/10
    asyncratstormkittydefaultpersistenceratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral19

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Panel/Panel_crack.exe

    • Size

      276KB

    • MD5

      e1633061ed1f482f6beef10963a3cbbc

    • SHA1

      d6b0cda0ed1965190704f5b865bd968c51bd6acc

    • SHA256

      b14063638be7f779b3d4be67f2c3c7529b4324d276f802c440cde259e2121183

    • SHA512

      c5063ca55272dd78c0c137083e987052670ab2091d797ec864a217822f25788600b629cdbb9a6e32053aede7c97202983b65bf7a528b6746585885779b742b4d

    • SSDEEP

      6144:5SncRlJ8XN6W8mmdUwXPSi9b2c3lSncRl:44IN6qsUwXPDs4

    Score
    10/10
    asyncratstormkittydefaultratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • Async RAT payload

      rat

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral20

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Tools/Chrome.exe

    • Size

      1.1MB

    • MD5

      92cfeb7c07906eac0d4220b8a1ed65b1

    • SHA1

      882b83e903b5b4c7c75f0b1dc31bb7aa8938d8fa

    • SHA256

      38b827a431b89da0d9cdd444373364371f4f6e6bf299e7935f05b2351ca9186c

    • SHA512

      e2ee932f5b81403935a977f9d3c8e2e4f6a4c9a1967b7e1cf61229a7746a24aae486ac6b779fb570f1dff02a3ff30107044f0427ce46474b91d788c78c8fcfbf

    • SSDEEP

      24576:q6JGMnMpfVArKlhbP6GFibQC1QSvKZHHf1FqbI4Cn:47/MPGFibsSipHubPa

    Score
    8/10
    discoverypersistencespywarestealer

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral21

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Tools/NetFramework48.exe

    • Size

      1.4MB

    • MD5

      86482f2f623a52b8344b00968adc7b43

    • SHA1

      755349ecd6a478fe010e466b29911d2388f6ce94

    • SHA256

      2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57

    • SHA512

      64c168263fd48788d90919cbb9992855aed4ffe9a0f8052cb84f028ca239102c0571dfaf75815d72ad776009f5fc4469c957113fb66da7d4e9c83601e8287f3d

    • SSDEEP

      24576:MGHL3siy9J0/SmtLvUDSRbm4Jah1rVxL+iTOhYdeM+GkdnddMF2ScVC3oKNVpNXo:RL3s7mKeTUDBzrVxxOhYdeMinddG2lCK

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral22

    • Target

      Redline Stealer v24.2 cracked [XT_CH]/Panel/RedLine_24_2/Tools/WinRar.exe

    • Size

      3.2MB

    • MD5

      b66dec691784f00061bc43e62030c343

    • SHA1

      779d947d41efafc2995878e56e213411de8fb4cf

    • SHA256

      26b40c79356453c60498772423f99384a3d24dd2d0662d215506768cb9c58370

    • SHA512

      6a89bd581baf372f07e76a3378e6f6eb29cac2e4981a7f0affb4101153407cadfce9f1b6b28d5a003f7d4039577029b2ec6ebcfd58e55288e056614fb03f8ba3

    • SSDEEP

      98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8

    Score
    1/10
    behavioral23

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

5
T1060

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Credential Access

Credentials in Files

10
T1081

Discovery

Query Registry

16
T1012

System Information Discovery

22
T1082

Lateral Movement

Collection

Data from Local System

10
T1005

Exfiltration

Command and Control

Impact

Tasks

static1

ratdefaultasyncratstormkittyredlinesectopratpandastealer
Score
10/10

behavioral1

asyncratstormkittydefaultratspywarestealer
Score
10/10

behavioral2

pandastealerspywarestealer
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

redlinesectopratinfostealerrattrojan
Score
10/10

behavioral8

pandastealerspywarestealer
Score
10/10

behavioral9

Score
1/10

behavioral10

asyncratstormkittydefaultratspywarestealer
Score
10/10

behavioral11

asyncratpandastealerstormkittyratstealer
Score
10/10

behavioral12

asyncratstormkittydefaultpersistenceratspywarestealer
Score
10/10

behavioral13

Score
1/10

behavioral14

pandastealerspywarestealer
Score
10/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

asyncratstormkittydefaultratspywarestealer
Score
10/10

behavioral18

asyncratstormkittyratstealer
Score
10/10

behavioral19

asyncratstormkittydefaultpersistenceratspywarestealer
Score
10/10

behavioral20

asyncratstormkittydefaultratspywarestealer
Score
10/10

behavioral21

discoverypersistencespywarestealer
Score
8/10

behavioral22

Score
7/10

behavioral23

Score
1/10