Resubmissions

23/02/2024, 07:48

240223-jnj63seb35

Score
10/10

General

  • Target

    ExternalMenu24.rar

  • Size

    69.8MB

  • Sample

    240223-jnj63seb35

  • MD5

    daf488a310614def1484a5ac551981fc

  • SHA1

    c3d796aee7aefc6f4420ec7006204e1373a7e09a

  • SHA256

    b55144ea74fc8c9b86d1ad4ec0eddbc15f9cde13c55fbca94a1a2702e1406fec

  • SHA512

    c4a64c617fe6d17fcaa69fe4264d2d166a6f93f7e16695526e1c3eb457a883f02d7a6c9c7f8ecf0e20aa27652bd67c85aec9d3d0a2f0967cfa1bd37e876b577c

  • SSDEEP

    1572864:TzaactGjc4KUA+VtK1pat8fpMVgHkF1EBD7tuz9ozr1:CacojdrAVkt8xMVgHq1iBueH1
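The digests above identify the submitted archive; the per-target entries further down give the same digests for the two extracted members. The Python script below is an added example, not part of the sandbox report or its tooling: it hashes a file in chunks and matches any of its digests against the MD5 and SHA256 values printed on this page. The file paths it accepts on the command line and the bytes used in demo() are constructed; the report itself supplies no file to re-hash.

```python
"""Match a file's digests against the IOC table in this sandbox report.

Added example, not part of the report or the sandbox's tooling. The digest
values in REPORT_IOCS are copied from this page; everything passed to the
functions in demo() is constructed test data.
"""
import hashlib
from typing import Dict, Optional, Tuple

ALGOS = ("md5", "sha1", "sha256", "sha512")

# (algorithm, hex digest) -> which object in the report it identifies.
REPORT_IOCS: Dict[Tuple[str, str], str] = {
    ("sha256", "b55144ea74fc8c9b86d1ad4ec0eddbc15f9cde13c55fbca94a1a2702e1406fec"): "ExternalMenu24.rar (submitted archive)",
    ("md5", "daf488a310614def1484a5ac551981fc"): "ExternalMenu24.rar (submitted archive)",
    ("sha256", "00339e723c00c2446e6090234a5b914867ed631b10317fbffaf1cf20876ac505"): "ExternalMenu24/External2.4.exe (RedLine payload)",
    ("md5", "5c8d1a391ae4a20f5a03c0dc40962915"): "ExternalMenu24/External2.4.exe (RedLine payload)",
    ("sha256", "2082c51a86bc8b7cd5e69cf5d43914efe5d939c90503539d657fde7915a95ae1"): "ExternalMenu24/libGLEv2.dll (scored 1/10)",
    ("md5", "90ad3c47740fce98015444d1289af9b9"): "ExternalMenu24/libGLEv2.dll (scored 1/10)",
}


def digests(data: bytes) -> Dict[str, str]:
    """All four report digests for an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def digests_of_path(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, read in chunks so a 70 MB archive is not slurped into memory."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_ioc(computed: Dict[str, str]) -> Optional[str]:
    """Return the report object that any of the computed digests identifies, or None.

    Digests are compared lower-cased because IOC feeds are not consistent about case.
    """
    for algo, hexdigest in computed.items():
        hit = REPORT_IOCS.get((algo, hexdigest.lower()))
        if hit:
            return hit
    return None


def demo() -> Optional[str]:
    # Constructed bytes; they match nothing in the table, which is the expected answer for a benign file.
    return match_ioc(digests(b"constructed benign test data"))


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        print(f"{path}: {match_ioc(digests_of_path(path)) or 'no match'}")
```

Two practical points: the 69.8MB archive hash is the least durable indicator here, since re-packing the same payload changes it, so block on the inner External2.4.exe digests as well; and near-variants of the payload only show up through the SSDEEP values, which need the ssdeep library and are not handled by this script.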

Malware Config

Extracted

Family

redline

Botnet

@lipy4ka

C2

45.15.156.167:80
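The extracted config names a single C2 endpoint. The Python script below is an added example, not part of the report: it parses constructed connection-log lines in an assumed "timestamp src:port -> dst:port proto" layout, flags connections to the listed C2, and lists the internal hosts that made them. The log format and every address other than the C2 are invented for illustration.

```python
"""Flag outbound connections to the RedLine C2 listed in this report.

Added example, not part of the sandbox report. The log lines in SAMPLE_LOG
are constructed and not from the analysed sample's run; their layout
("<ts> <src_ip>:<sport> -> <dst_ip>:<dport> <proto>") is an assumed export
format, not a real product's schema.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# IOC from the "Malware Config" section of the report.
C2_HOST = "45.15.156.167"
C2_PORT = 80

SAMPLE_LOG = """\
2024-02-23T07:50:01Z 10.0.0.21:51544 -> 142.250.74.100:443 tcp
2024-02-23T07:50:03Z 10.0.0.21:51550 -> 45.15.156.167:80 tcp
2024-02-23T07:50:04Z 10.0.0.34:49333 -> 45.15.156.167:443 tcp
2024-02-23T07:51:10Z 10.0.0.21:51552 -> 45.15.156.167:80 tcp
garbage line that does not parse
""".splitlines()


@dataclass
class Conn:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_line(line: str) -> Optional[Conn]:
    """Parse one constructed log line; return None for anything malformed instead of raising."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    src_ip, _, _ = parts[1].rpartition(":")
    dst_ip, _, dport = parts[3].rpartition(":")
    try:
        ipaddress.ip_address(src_ip)
        ipaddress.ip_address(dst_ip)
        return Conn(parts[0], src_ip, dst_ip, int(dport), parts[4])
    except ValueError:
        return None


def classify(conn: Conn) -> Optional[str]:
    """Exact ip:port match is the report's IOC; the same IP on another port is still worth a look,
    since the operator can move the listener without changing the host."""
    if conn.dst != C2_HOST:
        return None
    return "c2" if conn.dport == C2_PORT else "c2-host-other-port"


def find_c2_hits(lines) -> List[Tuple[str, Conn]]:
    hits = []
    for line in lines:
        conn = parse_line(line)
        if conn is None:
            continue
        label = classify(conn)
        if label:
            hits.append((label, conn))
    return hits


def infected_hosts(lines) -> Set[str]:
    """Internal sources that talked to the C2: the hosts to isolate and pull the payload hash from."""
    return {conn.src for _, conn in find_c2_hits(lines)}


if __name__ == "__main__":
    for label, c in find_c2_hits(SAMPLE_LOG):
        print(f"{c.ts} {c.src} -> {c.dst}:{c.dport} [{label}]")
    print("hosts to isolate:", sorted(infected_hosts(SAMPLE_LOG)))
```

Port 80 on its own is useless as an indicator, since the C2 deliberately blends with ordinary web traffic; the IP is the signal, and IP indicators are perishable, so when the address rotates pivot to the payload hashes and the @lipy4ka botnet tag from the config rather than to the port.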

Targets

    • Target

      ExternalMenu24/External2.4.exe

    • Size

      461KB

    • MD5

      5c8d1a391ae4a20f5a03c0dc40962915

    • SHA1

      eaac98290e8ce39c69f0df524c631432eb1bb910

    • SHA256

      00339e723c00c2446e6090234a5b914867ed631b10317fbffaf1cf20876ac505

    • SHA512

      880cdd1a17e47fde33241c89531d81ae2213ef52825984ca32dece4f07667d50f105a522c936259b7f2bf9b4d3f108cd514bcdefd71aa00d79ec3d980998db17

    • SSDEEP

      6144:CJJhkoF6kKC/XXcskh2HlaR80tD+47j3loNh93du:8JhkhCvrkh2Hlo+I1oNh93A

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      ExternalMenu24/libGLEv2.dll

    • Size

      6.8MB

    • MD5

      90ad3c47740fce98015444d1289af9b9

    • SHA1

      0135a04b2b590e1647e3a2b123596d62d57fece0

    • SHA256

      2082c51a86bc8b7cd5e69cf5d43914efe5d939c90503539d657fde7915a95ae1

    • SHA512

      40bdd65a9fa761bd3835ea9fb8c4c4d90531253d9dc7183d59c2051a627afc8b267d8de7e7478396e9fb779796f2b7e9b012564446671b4ed06427de5e93689e

    • SSDEEP

      98304:WYasIDptJ/QOjZfU5Q9S6Vaem7EdGSfhgbMKl4F:WJJd59Hk392thgbMim

    Score
    1/10
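The "Checks installed software on the system" behaviour above is the RedLine payload walking the Uninstall key to inventory the host. The Python script below is an added example, not from the report: it runs over a constructed Process Monitor style CSV export (the column names follow Procmon's layout; the events are invented to mimic the described behaviour and are not a capture of this sample) and flags any process that reads five or more distinct Uninstall subkeys.

```python
"""Flag processes that enumerate installed software via the Uninstall registry key.

Added example, not part of the sandbox report. SAMPLE_CSV is a constructed
Process Monitor style export: the column names follow Procmon's CSV layout,
but every event is invented to mimic the behaviour the report describes and
is not a capture of the sample.
"""
import csv
import io
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Any hive or view prefix (HKLM, HKCU, Wow6432Node) followed by the Uninstall key and one subkey name.
UNINSTALL_SUBKEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)
# Procmon operations that read rather than write the registry.
REG_READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}
# One or two subkeys is an application checking its own install; a sweep across many is inventory.
DEFAULT_THRESHOLD = 5

SAMPLE_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:49:01.1000001 AM","External2.4.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"7:49:01.2000001 AM","External2.4.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ"
"7:49:01.3000001 AM","External2.4.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS","Type: REG_SZ"
"7:49:01.4000001 AM","External2.4.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217012FF}\DisplayName","SUCCESS","Type: REG_SZ"
"7:49:01.5000001 AM","External2.4.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName","SUCCESS","Type: REG_SZ"
"7:49:01.6000001 AM","External2.4.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam\DisplayName","SUCCESS","Type: REG_SZ"
"7:49:01.7000001 AM","External2.4.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player\DisplayVersion","SUCCESS","Type: REG_SZ"
"7:49:01.8000001 AM","External2.4.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayVersion","SUCCESS","Type: REG_SZ"
"7:49:02.0000001 AM","explorer.exe","1680","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName","SUCCESS","Type: REG_SZ"
"7:49:02.1000001 AM","External2.4.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName","SUCCESS","Type: REG_SZ"
"""

ProcKey = Tuple[str, int]


def uninstall_subkeys_by_process(csv_text: str) -> Dict[ProcKey, Set[str]]:
    """Map (process name, PID) to the distinct Uninstall subkeys it read."""
    seen: Dict[ProcKey, Set[str]] = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        if row["Operation"] not in REG_READ_OPS:
            continue
        match = UNINSTALL_SUBKEY.search(row["Path"])
        if match:
            # Lower-case so "7-Zip" and "7-zip" count as one product, not two.
            seen[(row["Process Name"], int(row["PID"]))].add(match.group(1).lower())
    return dict(seen)


def uninstall_enumerators(csv_text: str, threshold: int = DEFAULT_THRESHOLD) -> List[Tuple[str, int, int]]:
    """(process, pid, distinct subkeys read) for every process at or above the threshold."""
    return sorted(
        (proc, pid, len(keys))
        for (proc, pid), keys in uninstall_subkeys_by_process(csv_text).items()
        if len(keys) >= threshold
    )


if __name__ == "__main__":
    for proc, pid, n in uninstall_enumerators(SAMPLE_CSV):
        print(f"{proc} (PID {pid}) read {n} distinct Uninstall subkeys")
```

Two caveats before using this outside a lab: Sysmon does not record registry reads, so in production the same logic needs Procmon captures or EDR/ETW registry telemetry rather than Sysmon events; and installers, inventory agents and the Programs and Features UI legitimately sweep the same key, so the threshold needs a baseline or allowlist per environment.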

MITRE ATT&CK Enterprise v15

Tasks