General
Target: 4 Dropped Samples.zip
Size: 17.3MB
Sample: 231207-175qkafh88
MD5: 0d7401f6dc5c7f28b43301cd622fde99
SHA1: 9fab1a2f8930719c3d141ad349671c75450c623e
SHA256: b800631ab0db1e2535aaa0d6c0de2e170b40c2583758cdb47b18bee239a7df47
SHA512: 0cf43f043d9dcfb9053a403e674ad38d35a318ef7644c6c6c6d00486550f4d512802c93a7a9429702ac931b3d6b7a9f0b20bf2b00702448a36170a8f34e421a8
SSDEEP: 393216:Pk8W3++o4LKRlC7/xZ7ajek8W3++o4LKVTuaqXq563NBF0wO:O33ql84d33gqEWNf0b
Static task: static1
Behavioral task: behavioral1
Sample: 4 Dropped Samples.zip
Resource: win11-20231128-en
Malware Config
Extracted: redline
  LiveTrafic
  195.10.205.16:1056
Extracted: redline
  @ytlogsbot
  194.169.175.235:42691
Extracted: lumma
  http://zamesblack.fun/api
Targets
Target: 4 Dropped Samples.zip
Size: 17.3MB
- Detect Lumma Stealer payload V3
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of SetThreadContext