General
Target: ExternalMenu24.rar
Size: 69.8MB
Sample: 240223-jnj63seb35
MD5: daf488a310614def1484a5ac551981fc
SHA1: c3d796aee7aefc6f4420ec7006204e1373a7e09a
SHA256: b55144ea74fc8c9b86d1ad4ec0eddbc15f9cde13c55fbca94a1a2702e1406fec
SHA512: c4a64c617fe6d17fcaa69fe4264d2d166a6f93f7e16695526e1c3eb457a883f02d7a6c9c7f8ecf0e20aa27652bd67c85aec9d3d0a2f0967cfa1bd37e876b577c
SSDEEP: 1572864:TzaactGjc4KUA+VtK1pat8fpMVgHkF1EBD7tuz9ozr1:CacojdrAVkt8xMVgHq1iBueH1

Static task
static1

Behavioral task
behavioral1
Sample: ExternalMenu24/External2.4.exe
Resource: win7-20240221-en

Behavioral task
behavioral2
Sample: ExternalMenu24/External2.4.exe
Resource: win10v2004-20240221-en

Behavioral task
behavioral3
Sample: ExternalMenu24/libGLEv2.dll
Resource: win7-20240215-en

Behavioral task
behavioral4
Sample: ExternalMenu24/libGLEv2.dll
Resource: win10v2004-20240221-en

Malware Config
Extracted
Family: redline
Botnet ID: @lipy4ka
C2: 45.15.156.167:80
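The extracted config above is the most actionable indicator on this page: a RedLine botnet ID and a C2 endpoint. The following is an added example (not the sandbox's own config extractor) that parses that three-line block into a structured record and matches it against connection events. The event lines are constructed in a Sysmon Event ID 3 like layout for illustration; the sample paths and the second and third events are assumptions. A host-only hit on another port is reported at lower severity rather than dropped, since only the port differs from the extracted value.

```python
"""Turn the extracted RedLine config into a C2 indicator and match it
against connection events. Added example, not part of the report."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineC2:
    family: str
    botnet_id: str
    host: str
    port: int


# The 'Extracted' block exactly as the report lists it (family, botnet id, C2).
EXTRACTED = """redline
@lipy4ka
45.15.156.167:80"""

HOSTPORT = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d{1,5})$")


def parse_extracted(block: str) -> RedLineC2:
    """Parse the three-line extracted config into a structured record.
    Raises ValueError if the block does not have the expected shape."""
    family = botnet = host = None
    port = None
    for line in (l.strip() for l in block.splitlines() if l.strip()):
        m = HOSTPORT.match(line)
        if m:
            host, port = m.group("host"), int(m.group("port"))
        elif line.startswith("@"):
            botnet = line
        elif family is None:
            family = line.lower()
    if not (family and botnet and host and port is not None):
        raise ValueError("extracted block is missing family, botnet id or C2")
    if not 1 <= port <= 65535:
        raise ValueError(f"bad port {port}")
    return RedLineC2(family, botnet, host, port)


# Constructed Sysmon Event ID 3 style lines (hypothetical, for illustration).
SAMPLE_EVENTS = [
    "Image: C:\\Users\\u\\Desktop\\ExternalMenu24\\External2.4.exe DestinationIp: 45.15.156.167 DestinationPort: 80",
    "Image: C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp: 142.250.74.46 DestinationPort: 443",
    "Image: C:\\Windows\\System32\\svchost.exe DestinationIp: 45.15.156.167 DestinationPort: 8080",
]

EVENT = re.compile(
    r"Image: (?P<image>.+?) DestinationIp: (?P<ip>\S+) DestinationPort: (?P<port>\d+)"
)


def match_c2(events, c2: RedLineC2):
    """Return (severity, image, ip, port) for every event that reaches the C2 host.
    Exact host:port -> 'high'; same host on another port -> 'medium'."""
    hits = []
    for ev in events:
        m = EVENT.search(ev)
        if not m or m.group("ip") != c2.host:
            continue
        port = int(m.group("port"))
        severity = "high" if port == c2.port else "medium"
        hits.append((severity, m.group("image"), m.group("ip"), port))
    return hits


if __name__ == "__main__":
    cfg = parse_extracted(EXTRACTED)
    for hit in match_c2(SAMPLE_EVENTS, cfg):
        print(*hit)
```

Run it as a script to list the two hits; the firefox.exe event is ignored because its destination is not the extracted host.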
Targets

Target: ExternalMenu24/External2.4.exe
Size: 461KB
MD5: 5c8d1a391ae4a20f5a03c0dc40962915
SHA1: eaac98290e8ce39c69f0df524c631432eb1bb910
SHA256: 00339e723c00c2446e6090234a5b914867ed631b10317fbffaf1cf20876ac505
SHA512: 880cdd1a17e47fde33241c89531d81ae2213ef52825984ca32dece4f07667d50f105a522c936259b7f2bf9b4d3f108cd514bcdefd71aa00d79ec3d980998db17
SSDEEP: 6144:CJJhkoF6kKC/XXcskh2HlaR80tD+47j3loNh93du:8JhkhCvrkh2Hlo+I1oNh93A
- Detect ZGRat V1
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (a thread-context write, the primitive used by process hollowing and similar injection)

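Two of the signatures above, the Uninstall key enumeration and the wallet access, are easy to re-derive from an API trace once the process, API and argument are available. The block below is an added example (not the sandbox's signature code) that scores each process in a constructed trace for those two behaviours. The trace format, the wallet directory names, the enumeration threshold and the allowlist of processes that legitimately walk the Uninstall key are all assumptions; the report itself names no specific wallet.

```python
"""Score processes in an API trace for the two host-side behaviours the report
flags: enumerating installed software via the Uninstall key, and touching
cryptocurrency wallet files. Added example, not the sandbox's own logic."""
import re
from collections import defaultdict

# Both the native and the WOW6432Node view of the Uninstall key count.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)
# Wallet locations: assumed directory names for illustration only.
WALLET_PATHS = re.compile(r"\\(?:Electrum|Exodus|Ethereum\\keystore|Bitcoin)\\", re.IGNORECASE)
# Processes that legitimately enumerate installed software (assumed allowlist).
ALLOWED_ENUMERATORS = {"msiexec.exe", "explorer.exe"}

# Constructed API-trace lines (hypothetical format): pid, image, api, argument.
TRACE = """\
4120 External2.4.exe RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
4120 External2.4.exe RegEnumKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
4120 External2.4.exe RegOpenKeyExW HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall
4120 External2.4.exe NtCreateFile C:\\Users\\u\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
4120 External2.4.exe NtCreateFile C:\\Users\\u\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
880 msiexec.exe RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1950 notepad.exe NtCreateFile C:\\Users\\u\\Documents\\notes.txt
"""

LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<image>\S+)\s+(?P<api>\w+)\s+(?P<arg>.+)$")


def score_processes(trace: str, uninstall_threshold: int = 2):
    """Return {pid: {"image", "uninstall_hits", "wallet_hits", "flags"}}.

    A process is flagged for software enumeration only once it touches the
    Uninstall key at least `uninstall_threshold` times and is not allowlisted;
    a single wallet file access is enough for the wallet flag."""
    per = defaultdict(lambda: {"image": None, "uninstall_hits": 0, "wallet_hits": 0, "flags": []})
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        rec = per[int(m.group("pid"))]
        rec["image"] = m.group("image")
        api, arg = m.group("api"), m.group("arg")
        if api.startswith("Reg") and UNINSTALL_KEY.search(arg):
            rec["uninstall_hits"] += 1
        elif api == "NtCreateFile" and WALLET_PATHS.search(arg):
            rec["wallet_hits"] += 1
    for rec in per.values():
        if rec["uninstall_hits"] >= uninstall_threshold and rec["image"].lower() not in ALLOWED_ENUMERATORS:
            rec["flags"].append("checks_installed_software")
        if rec["wallet_hits"]:
            rec["flags"].append("accesses_crypto_wallets")
    return dict(per)


if __name__ == "__main__":
    for pid, rec in score_processes(TRACE).items():
        print(pid, rec["image"], rec["flags"])
```

Only pid 4120 ends up with both flags; msiexec.exe opens the same key but is allowlisted and below the threshold, and notepad.exe matches neither pattern.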
Target: ExternalMenu24/libGLEv2.dll
Size: 6.8MB
MD5: 90ad3c47740fce98015444d1289af9b9
SHA1: 0135a04b2b590e1647e3a2b123596d62d57fece0
SHA256: 2082c51a86bc8b7cd5e69cf5d43914efe5d939c90503539d657fde7915a95ae1
SHA512: 40bdd65a9fa761bd3835ea9fb8c4c4d90531253d9dc7183d59c2051a627afc8b267d8de7e7478396e9fb779796f2b7e9b012564446671b4ed06427de5e93689e
SSDEEP: 98304:WYasIDptJ/QOjZfU5Q9S6Vaem7EdGSfhgbMKl4F:WJJd59Hk392thgbMim
Score: 1/10