General
Target: rhino_en-us_7.29.23107.03001.exe
Size: 293.3MB
Sample: 230610-tmjt2afc75
MD5: a98cdb7c0f477d356997455b91ec0a83
SHA1: 91b81bcc937779f65578b00303644469382ba6b8
SHA256: 5b315a54591d573feb569d2471d8291351a552d4b3f2e35987bc93bee1218989
SHA512: f32c5a3c2bca72bcb8711c9f4edd0cd478d44dcdc7696005002a00b14bdcd37b689ee44e9d8e612e5b4307fa2d61e53430dc4eb202f2dcb326da4ed395f9ed04
SSDEEP: 6291456:lj7SKgeBv0/wFJblMRI5c1ec1JSq5BTTUkP9DOJd9CgSKMfRxR:ljlqwpAI5c1eQvvTX9CTcWMnR
Static task: static1
Behavioral task: behavioral1
Sample: rhino_en-us_7.29.23107.03001.exe
Resource: win10-20230220-es
Malware Config
Targets
Target: rhino_en-us_7.29.23107.03001.exe
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- Downloads MZ/PE file
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory