Resubmissions
11-02-2024 08:10  240211-j212ragb47  10
11-02-2024 08:09  240211-j2kprseb2w  10
09-02-2024 18:28  240209-w4c4xsde9t  10
02-02-2024 12:52  240202-p4dxwsgfej  10
02-02-2024 12:45  240202-pzapnsgdbp  10
16-01-2024 15:29  240116-sw8dbaehh3  10
10-01-2024 14:41  240110-r2wq2ahchl  10
10-01-2024 13:29  240110-qrqatshbg3  10
22-12-2023 08:48  231222-kqp1sadghq  10
General
Target: 4363463463464363463463463.bin.zip
Size: 4KB
Sample: 240202-p4dxwsgfej
MD5: 4204f7bcb4ce002240de2af9fc5f4264
SHA1: 83fb5688b0cffa93b06719d0fc5b62f70af460c5
SHA256: 0c951f58a23cd2c9bdccb727d41e33e740344af36d91419907ce016977b2a62d
SHA512: 75a636889904293bb493957af9fecf5ad044ff44bb82c07b550473e6af45931ece7f2e72b53891a90c4045f8d816752414c560d2486f055824f069e6573bf103
SSDEEP: 96:fq6yIIHV+fWsPpulzlC8luqtW5idkvRmb/DLr2OtWtvJAsO13uhy5RKd9Wj:BIHV8WN5lu4iiTD/COtSvJAF1Gy5RKdC
Static task
static1
Malware Config
Extracted: redline
@oni912
45.15.156.209:40481
Extracted: stealc
http://185.172.128.79
url_path: /3886d2276f6914c4.php
Extracted: formbook
4.1
jn85
106c6423c3.com
vittoriospumpherston.co.uk
furniture-best.com
employersfindme.online
colegioagustinruiz.com
fuziservice.com
differentlokal.com
azzfasst.com
kerncereus.online
johnschottllc.com
disembark-burgeoned.click
cabliviwarranty.com
justzionism.com
diplomy-ua.top
cloudadonis.com
vaalepoxies.africa
ky2088.vip
gsportal.africa
alphastrength-us.com
homerams.com
yelkovan.app
footballresults.website
shopjollybox.co.uk
arshisboutique.com
adef-residence.com
bigmoneypitch.com
reconectar.net
dolus-cularivan.sbs
glsqqq.top
danielaswaebe-gma.com
aimannammara.com
hongyuexiecai.com
controlspaigive.com
boehlyelectronics.com
buylikeking.com
baamodels.com
family-doctor-47453.com
gztx020.com
thefrenchobsession.net
hivebev.com
162988.net
wfg.africa
grafisk-formgivning-kurs.click
hucan56.com
prodentimtry.net
globalfinance.shop
julianagreenhousesdirect.co.uk
cesaralopez.com
amsgroupinternational.net
bahaplus.com
christmostree.shop
autenticromanescgera.com
clippersbrshop.com
wertoz.xyz
diingkuen.net
juicers.pro
38413.net
fedexaus.top
beingabroad.store
24-02-2022.site
agenrusia777.day
doloresurquiza.com
aquariumwalking.com
6n876.com
lkyfzzzyhzslhs.net
Targets
Target: 4363463463464363463463463.bin
Size: 10KB
MD5: 2a94f3960c58c6e70826495f76d00b85
SHA1: e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
SHA256: 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
SHA512: fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f
SSDEEP: 192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Formbook payload
- Downloads MZ/PE file
- Stops running service(s)
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Impair Defenses (1)