Overview

overview

10

Static

static

3

Mod Menu 1...lf.dll

windows7-x64

1

Mod Menu 1...lf.dll

windows10-2004-x64

1

Mod Menu 1...GL.dll

windows7-x64

1

Mod Menu 1...GL.dll

windows10-2004-x64

1

Mod Menu 1...GL.dll

windows7-x64

1

Mod Menu 1...GL.dll

windows10-2004-x64

1

Mod Menu 1...v2.dll

windows7-x64

1

Mod Menu 1...v2.dll

windows10-2004-x64

1

Mod Menu 1...er.dll

windows7-x64

1

Mod Menu 1...er.dll

windows10-2004-x64

1

Mod Menu 1...er.dll

windows7-x64

1

Mod Menu 1...er.dll

windows10-2004-x64

1

Mod Menu 1...al.dll

windows7-x64

1

Mod Menu 1...al.dll

windows10-2004-x64

1

Mod Menu 1...en.dll

windows7-x64

1

Mod Menu 1...en.dll

windows10-2004-x64

1

Mod Menu 1...ws.dll

windows7-x64

1

Mod Menu 1...ws.dll

windows10-2004-x64

1

Mod Menu 1...nu.exe

windows7-x64

3

Mod Menu 1...nu.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Mod Menu 1.3.rar

  • Size

    25.3MB

  • Sample

    240213-ejqqvaha6w

  • MD5

    2441faea98e98bad01d7f8ff2435ab92

  • SHA1

    5216173cd4523d2ffc81c8d68a57c76e2e0aea9c

  • SHA256

    4ffd4c272fd15fd56519eb09b60df2b76368283b5e51a402d7324251542279eb

  • SHA512

    8af8db65fa740ec10e005448fdea50667a9c54893325c263acf7cefa266be7ee172fa4b280a087d98191c60f33fd0e99fc7f71a365ae425ec2e136a4e0d99602

  • SSDEEP

    393216:hR5UT3ohCXNT289dCUTuokYoMYzg5RXA2LdhrLI/nYUlVJRBf0Q/brIgh6Xah:hRGT3guT2EPbe2RVLdhIPXlrc2rhh6O

Score
10/10
redline@elprimov_lztdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@elprimov_lzt

C2

45.15.156.167:80

Targets

    • Target

      Mod Menu 1.3/App/chrome_elf.dll

    • Size

      852KB

    • MD5

      27a6fae193b64ff6cbde8129968bed28

    • SHA1

      862c4257d6018b25f762734ceffd03cb6fa7e94b

    • SHA256

      df6992d3daa2c49e853b6aad730660b3d0c913906cb27a29076ad99053bf141e

    • SHA512

      e220c36566b00e0f75079e411c1117a058201d15ad97f36e52d6e760b40a23625e590f77ee2581bc848ff1146eb054213da3f3e5dfb7aee185e161c41d5d08cd

    • SSDEEP

      24576:vOMzp7dCnCOO/qsFoKAl/t9/EzoIWgo3:HddCnl4fcEzoIWgo

    Score
    1/10
    behavioral1behavioral2

    • Target

      Mod Menu 1.3/App/libEGL.dll

    • Size

      462KB

    • MD5

      c05f866a57fe0eaeaea30a88e8ea4045

    • SHA1

      30d91814eb79c6051338506b2e2f294397aaf6f5

    • SHA256

      82737744f249882701ee5ee5b4e123bfa832d8db0ca1be5c3fe4ec6956d3c004

    • SHA512

      976050e572fdc52f5809a9352952028cf0bed5b51463e92d81a2a70ba0beb6a5fe9c316a5a3d085c9d4f2649415625c0789265d9daca6574fc637eb03bb97b40

    • SSDEEP

      6144:O7Za8kUX/jvtGTB0ISW4fKHlLMQs3I3gQeHzd2Mgd7McviJT1BziI:+aMX/jvtGTBDSW4yWIi5cv0ziI

    Score
    1/10
    behavioral3behavioral4

    • Target

      Mod Menu 1.3/App/swiftshader/libEGL.dll

    • Size

      331KB

    • MD5

      d5a1d8edd220546bb28966947603c0ce

    • SHA1

      9c82abbb1ea0a09f43a95c2c64f27017685d658e

    • SHA256

      d5c60cd8f183698194cd224657fc3a916200adaecf4afec0dbe1f3f4168d2456

    • SHA512

      6f4afa5705a008eec2adef0e99fe8f1396134e42c2ed66be664ccd2b155451d2d47662acf20902e0330d818871fdb63ce1cb8ac839bbf0884697c3b0243bdd33

    • SSDEEP

      6144:a4DEXF+GU1ZAfyMuNB6DAbHCR81qeOwf+8v+WU3H36Dlj3NSuvaxoG8:R8F+pbA2Y81BOwWE+WU3HqZOz8

    Score
    1/10
    behavioral5behavioral6

    • Target

      Mod Menu 1.3/App/swiftshader/libGLESv2.dll

    • Size

      2.3MB

    • MD5

      23b8f6b1f7c2b3259553b146fb595c22

    • SHA1

      5e3e0821ffcccc3eb6bc3391bcb9ba569814a3ad

    • SHA256

      70cf3c6ed01b79764d4cbea68abbf3118c768eb766f764f614655fa9aa22ae66

    • SHA512

      f4be1b8f3ce0ae33b93bb61a2497e8a9bed11d3a8c3aa31bae7eff893ca8e244237266791bb6e965895fe391525f2fe192d9efcea9bf0dea04e22a4794a09465

    • SSDEEP

      49152:KRXsEpznERd0qHcuRGzpiLEa1u1bbJ2W9PKCaY8FNfRpkYkRgatde7/LKT0AMFJO:KRNpIiMF6GJSUFpUq

    Score
    1/10
    behavioral7behavioral8

    • Target

      Mod Menu 1.3/Data/eventlog_provider.dll

    • Size

      15KB

    • MD5

      e33bbf6dc63bcfea39476b3694175ec4

    • SHA1

      5765654bbb42daefdc277b30af930042f9234d8b

    • SHA256

      68b68fd320f077b28a17f6393d8be7cab0728b964779176fbb06af1c5c0489e2

    • SHA512

      c3a2071760eec67ad674c8862a93489e3df6db51d3dcb27bd36974f5a44c477a7678b28ed13b5318d78e6a2b8cc7d314f4678199345aaf0f018541b788b4829b

    • SSDEEP

      192:bgeA2MsFIYiYF8m/Ex72f63mQWJfsHR9y2sE9jBFLpyXhze:btMcIYi6y3mQ4i/8E9VFLa6

    Score
    1/10
    behavioral10behavioral9

    • Target

      Mod Menu 1.3/Data/plugins/bearer/qgenericbearer.dll

    • Size

      87KB

    • MD5

      07c9ac52607af53aced1f2f42eeb8a8c

    • SHA1

      156cccc321e621d2821b3d7dce6284d481f6f579

    • SHA256

      a82aa3b3fe6a8f916c77ab57525de9fb7ab09ac77515b4cd9020903c8fa8b6e6

    • SHA512

      425e4319c242e046a657bd8d34ff6f8205d9d825ba4e65c531759812891df78f954a38e0bba83fcde65fb8887b417ecc354f0ee32da891b3a700f3d84e4a7418

    • SSDEEP

      1536:rJRT1aojKGgIBSaFYeQPkRjiS20gMf77b4EWcbq2:rJaCgIEJeQPkRjih8f77cEWcN

    Score
    1/10
    behavioral11behavioral12

    • Target

      Mod Menu 1.3/Data/plugins/bearer/qminimal.dll

    • Size

      1.0MB

    • MD5

      d9b7c18b8e8279b081ca5b4e1104796c

    • SHA1

      f958e21cbc33cbdd0b4c73d7e908a04c12a726c4

    • SHA256

      9c2b62c3ebfc7f102badabda4c9241f00e04b79b1bafdbcb90df2de4f2217854

    • SHA512

      42bd82129e036292247be9e7c109f7c534341976fe181cd81d1a3676dc6cf183168d3bd95eeb068455dd9e2006eb06715bb46478110d1b295526b141cca15a0e

    • SSDEEP

      24576:Eb0bT3eeMyH37KnOnN3vUesQQZZTkrJmrX:E4bT3TCON3vUbTumr

    Score
    1/10
    behavioral13behavioral14

    • Target

      Mod Menu 1.3/Data/plugins/bearer/qoffscreen.dll

    • Size

      919KB

    • MD5

      aaa7cbe823e9a3577ae2cd8b5bbaab35

    • SHA1

      5300b8f0702d524da1789a46b06aa4306f8bca56

    • SHA256

      090cd0aec429b1e0c884ccb4b8eb9af19e98d3b9fa0902b0802a43baf09d95fa

    • SHA512

      86c1c75c609fb9e30dd885d8ad1e5d3350fd2171c28efc51bece799cebb311ab12a8788e1fb6ae97f002dedff1c7a641ff679f9c955658ace0cded9036a4206c

    • SSDEEP

      24576:l6Ht8gTaVUVAwIWinHkTXO0BsQ0ZHpTdHAYp:Ot8gTauyHwXO0KpTKi

    Score
    1/10
    behavioral15behavioral16

    • Target

      Mod Menu 1.3/Data/plugins/platforms/qwindows.dll

    • Size

      1.8MB

    • MD5

      9296b0e9ca1bb396554b7ca060079ed2

    • SHA1

      a868751d0ea5f0d7b5324ad14a87da70f89057dc

    • SHA256

      cd2e1a089762fe505b9a62dd4256fc6e0e38e4ee7a92666d7a82952cbe728087

    • SHA512

      9be361069d43af46d865b59526e9ca6c1971427515d16dc6631765ac3b24aed557cded892662473cee12db1399583a42be955decc560da854331b927f03395a1

    • SSDEEP

      24576:y+oBEgj/yeR+LsTBLqj0KBbBnDWpOXpp+sQmE5ZATQOBUZeVrLVxOfj:xsjaeR0sTBm3DAOXDtfTC+rLVc

    Score
    1/10
    behavioral17behavioral18

    • Target

      Mod Menu 1.3/Mod Menu.exe

    • Size

      473KB

    • MD5

      463b959d956774cfea752efb0c686400

    • SHA1

      983acf4cbfee570686ca72e63674e0c92d82797f

    • SHA256

      8175523cadd249390885f1f5842be18bc57a3bcecf550e5a19a6911cc273a5d1

    • SHA512

      7ff73a35ee2d47166bce5729e540437f1a2a28f69049f754b9d5bc547b6d0127c245afc7bae85015d71c7b6a9ef43923b7f2a0fe17ea2b94bb381623a810bed1

    • SSDEEP

      12288:Mh1Fk70Tnvjc12wmPyaZwbaXMN/6JBsq4GxoSp:Ck70Trc19mPL19BsqjxoSp

    Score
    10/10
    redline@elprimov_lztdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Tasks