General

  • Target

    cc dumper.exe.bin

  • Size

    69.1MB

  • Sample

    230501-w2lchsed7s

  • MD5

    478709030e5d3855f49f91a7a25d4966

  • SHA1

    a2d4759a8400826ef33f53cfdfb5c360abfc35b3

  • SHA256

    8da2b336323df69f79a88ce0debd83296f1e621b41ce4248573bc1bf22c270f3

  • SHA512

    5af417ac7542154a9186411e13103bd3f94b60c99108f3b7e2872d1799973b368b5dd595fb9d2fb11bf0c26e424d763ae744f167e60025fdfbee273e1e59a4e5

  • SSDEEP

    1572864:AjddGv6A4akxPU9ZKlJBthhAQaRAVvhHUzqkbeIq6o3Lu7Cym0Lc:4GvBL0PUzKlHzmQ++Z8qkbeIqz3LuXLc

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks