General

  • Target

    pegieigh.rar

  • Size

    5.1MB

  • Sample

    240222-qmmddaad57

  • MD5

    aba0d23b40dba70fbf3b3643085d8a25

  • SHA1

    54fe7450d6eb062f845a25a2c87ed0cde3999ae2

  • SHA256

    87cc10a52a2125a4a1166cd4b5ac9697cbb2ba7cb795b8883fe0b57a516829b9

  • SHA512

    a413687606ea42c69958ec61ef400ee9bfa151e8285854e7ead326e1aeff485c4f7fdbeb87e0f00fb855f1a5d74aeb00343db873a4736bfd4fbdb0b891709be2

  • SSDEEP

    98304:MYBS/cyqzqBwZJ2GE+KSuvcolFSgmFmGnaJZy6uVhIfjfF:MYBgsqfS/20FmOaJmVgbF

Malware Config

Extracted

  • Family

    redline

  • C2

    45.15.156.142:33597

Extracted

  • Family

    lumma

  • C2

    https://assumptionflattyou.shop/api

    https://technologyenterdo.shop/api

    https://detectordiscusser.shop/api

    https://turkeyunlikelyofw.shop/api

    https://associationokeo.shop/api

Targets

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.