General

  • Target

    CartoonClassic.rar

  • Size

    81.4MB

  • Sample

    230424-w6p69sfe3y

  • MD5

    1823281d282b4b92516fb48948208547

  • SHA1

    984eb625d528e7301e1942059e2b815555070380

  • SHA256

    dc1ea6b861d2c4c36abe609c77d3dc79e070b1b454b99e5dfdad40aa30ace1cf

  • SHA512

    994f26d14ad3a756ba2d3abf80b9b2e6e74a03c3e19638a951aea3204d5c775c7fa1c44569b796629eff1e176f4a16a7ae3005ff102a3dcab1304b2cdedf8efc

  • SSDEEP

    1572864:k4Wdfp2AFoPHRmjYJt48ggINJH5OLXKaGy08HueAXQ60TWfU0FRl5kll:k4qfxoPHJgL5OLM6n3Wno

Malware Config

Targets

    • Target

      CartoonClassic/CartoonClassic.exe

    • Size

      64.0MB

    • MD5

      ef694636fe731c252486c583a110c35f

    • SHA1

      9e571561fbe9a50ec63147d419c38d0b6b9b94ca

    • SHA256

      84c9b03576a8f4ae8cea514cadc643d49be7031c5de37c9bacc1b40ef3915ee7

    • SHA512

      81892677c71a86bea59adc7e3e2adbed1bb73e873f0036ba9fa36b044051c303751597aee7bd8b6059569e1c229037affdcb715d78f48a4508515fad3207d0e1

    • SSDEEP

      1572864:AjddrbWn/xCDvXbZJoOh4VYgU9PHd5oe3gtwV8s4z7zjayf:4fWnJCLXdVhgYd5fgW6s47jayf

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check that decides whether to run.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and session tokens.
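Before relying on the signatures above, an analyst should confirm that the file in hand is the one this report describes. The following Python script is an added example and is not part of the sandbox report: it recomputes MD5, SHA1, SHA256 and SHA512 over a file and compares them with the values transcribed from the report. Only the four hashes are checked because ssdeep is not in the Python standard library; the local file paths passed on the command line are assumed.

```python
"""Verify a local sample against the hashes published in the report."""
import hashlib
import sys
from typing import Dict, Tuple

# Hashes copied from the report for the archive and the EXE it contains.
REPORTED: Dict[str, Dict[str, str]] = {
    "CartoonClassic.rar": {
        "md5": "1823281d282b4b92516fb48948208547",
        "sha1": "984eb625d528e7301e1942059e2b815555070380",
        "sha256": "dc1ea6b861d2c4c36abe609c77d3dc79e070b1b454b99e5dfdad40aa30ace1cf",
        "sha512": "994f26d14ad3a756ba2d3abf80b9b2e6e74a03c3e19638a951aea3204d5c775c"
                  "7fa1c44569b796629eff1e176f4a16a7ae3005ff102a3dcab1304b2cdedf8efc",
    },
    "CartoonClassic/CartoonClassic.exe": {
        "md5": "ef694636fe731c252486c583a110c35f",
        "sha1": "9e571561fbe9a50ec63147d419c38d0b6b9b94ca",
        "sha256": "84c9b03576a8f4ae8cea514cadc643d49be7031c5de37c9bacc1b40ef3915ee7",
        "sha512": "81892677c71a86bea59adc7e3e2adbed1bb73e873f0036ba9fa36b044051c303"
                  "751597aee7bd8b6059569e1c229037affdcb715d78f48a4508515fad3207d0e1",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1 << 20  # read 1 MiB at a time; the EXE alone is 64 MB


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute all four digests in a single pass over the data."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for offset in range(0, len(data), CHUNK):
        chunk = data[offset:offset + CHUNK]
        for h in digests.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def verify(data: bytes, expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {algorithm: (expected, actual)} for every mismatch.

    An empty dict means every reported digest we can compute matches.
    Entries for algorithms we cannot compute (e.g. ssdeep) are ignored,
    and comparison is case-insensitive so copy-pasted hex in either case works.
    """
    actual = file_hashes(data)
    mismatches = {}
    for name, exp in expected.items():
        if name not in actual:
            continue
        if exp.lower() != actual[name]:
            mismatches[name] = (exp.lower(), actual[name])
    return mismatches


def check_file(path: str, target: str) -> bool:
    """Hash a file on disk and compare it with the report entry for `target`."""
    with open(path, "rb") as fh:
        data = fh.read()
    bad = verify(data, REPORTED[target])
    for name, (exp, got) in bad.items():
        print(f"{target}: {name} mismatch\n  report: {exp}\n  file:   {got}")
    return not bad


if __name__ == "__main__":
    # Assumed usage: verify.py <path-to-rar> [<path-to-extracted-exe>]
    targets = list(REPORTED)
    ok = True
    for path, target in zip(sys.argv[1:], targets):
        ok &= check_file(path, target)
    print("all hashes match the report" if ok else "hash mismatch: not the reported sample")
    sys.exit(0 if ok else 1)
```

A mismatch on any one algorithm is enough to reject the file: the report's four digests describe one specific byte sequence, so a partial match only indicates a transcription error in the hash you pasted, not a matching sample.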

MITRE ATT&CK Enterprise v6

Tasks