General

  • Target

    Katana.exe

  • Size

    4.2MB

  • Sample

    230507-k32v4sdc57

  • MD5

    f535b8e4c0387ad3311772ed6e203da3

  • SHA1

    3d32e3e014d7f715f38ccab88522ebd0385f0d44

  • SHA256

    43356d754fb7ddeb493c95127122e3ee6126d8408936e7b8cbc7c5554efca1bc

  • SHA512

    5c6eb9375474d148905b6bfcdd8520b86a1ef2936ae54ce363ff76bdbd770ad621e28f57c54807a78dcb42244752179c7cfe7cfc66606a29d930465e524f8ade

  • SSDEEP

    98304:c6ecDDnS/05ocJ2mTYmFxMEpBhU6JxzXn0s6Hr+0Eeghkzhhc1uw3KHtKI3HHAiZ:c6ecDDnS/05ocJ2mTYmFxMEpBhU6JxzE

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • AgentTesla payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks