Overview

Analysis tasks and scores (out of 10):
- Overview: 10
- Static analysis: 10
- CHETO_PC.exe (windows7-x64): 10
- CHETO_PC.exe (windows10-2004-x64): 10
- config/Addition.dll (windows7-x64): 1
- config/Addition.dll (windows10-2004-x64): 1
- config/Cracker.dll (windows7-x64): 1
- config/Cracker.dll (windows10-2004-x64): 1
- config/Helper.dll (windows7-x64): 1
- config/Helper.dll (windows10-2004-x64): 1
- config/Resource.dll (windows7-x64): 1
- config/Resource.dll (windows10-2004-x64): 1

General
- Target: CHETO.rar
- Size: 14.2MB
- Sample: 240308-2tl7qsac71
- MD5: 89dafd1086b6a47c81433c96e038ce89
- SHA1: 033adb8e91e6276efc5df7d9b7d4224ceb0cf5d7
- SHA256: 99edccbceab0f05ccff7eb0d41e885b53d323bfaadd5da5699173a6aa2673915
- SHA512: bea4de125cbca940dedd2d9045bc7e2c1c6ea629d8cb25969e0f6e623016e52bd143d71501b8e959120d78117edca043bf4273869266bcef1087b0fbff5b12c5
- SSDEEP: 393216:7h3M99LkIg4rkdwMz1xsGhe6HohXU/Fsy+vJ4:NcPLdRrkiy2UeVlUtsy+vJ4
Behavioral tasks
- behavioral1: CHETO_PC.exe, resource win7-20240221-en
- behavioral2: CHETO_PC.exe, resource win10v2004-20240226-en
- behavioral3: config/Addition.dll, resource win7-20240221-en
- behavioral4: config/Addition.dll, resource win10v2004-20240226-en
- behavioral5: config/Cracker.dll, resource win7-20231129-en
- behavioral6: config/Cracker.dll, resource win10v2004-20240226-en
- behavioral7: config/Helper.dll, resource win7-20240221-en
- behavioral8: config/Helper.dll, resource win10v2004-20240226-en
- behavioral9: config/Resource.dll, resource win7-20240221-en
- behavioral10: config/Resource.dll, resource win10v2004-20240226-en
Malware Config
Extracted (family: redline):
- @FernandoKappuccino
- 45.15.156.167:80
Targets

Target: CHETO_PC.exe
- Size: 6.2MB
- MD5: 3d9b9f001c35769d0c3ff2f112d90a83
- SHA1: 6a250a74f5f191cd9d801ed3c06331f5373bbaf0
- SHA256: 84aceac4509de7324667af032799ad33c7afeadaa02fc9ca1cd7ee8e0c1d4531
- SHA512: 1cdf92019a3563dfef9f864fe85d5a4868e4208e3fba21eb4c654cfecc61b424554505bc004e5cef1a2d3ed4946b179f990411a4ece6602c99f4937b7b4ee795
- SSDEEP: 98304:KozLwLwrQfcfNeioG5Uy1MY4NS5On3dRdtS85kFXyoMxX1msHGH:KozLuqQfc7oGPKY4NS5ORE8kVy7lbHGH

Signatures:
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
Target: config/Addition.dll
- Size: 30KB
- MD5: f22e849a370cdf127f48beab596bdd81
- SHA1: fb1da47c7a246f2cda7f7686a468efafd9933b1e
- SHA256: 8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
- SHA512: 6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
- SSDEEP: 768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
- Score: 1/10
Target: config/Cracker.dll
- Size: 56KB
- MD5: 404aacc737a9d30147d30cee6be0abba
- SHA1: 5f49b9197d73b53eb3473c80a6f25dc068421baf
- SHA256: 3eec59d6aa2a45e368b99d09bcedf228290656a88de8a09ccc91867ab71f228c
- SHA512: eb3716304571727d3134da4da46c5c91276afa20f5da26f2b89cc0cdc19f98592322b5e85fdc6a36e51636298ffac456a9057ed7d10c17e4955c4307cb933f20
- SSDEEP: 384:poaSsZTSyPG0TLMU9mCzkcu/b49Pji7iJI5TZCP56vS1a+dYUFv8WTa:W1yR8U9mCzkcu/8V2iP56v/+G0a
- Score: 1/10
Target: config/Helper.dll
- Size: 189B
- MD5: 9bb9aba5dd893bbccfa45e2d75d55d26
- SHA1: 5714796513341ac3159a6a3c23d4769209063d35
- SHA256: 6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
- SHA512: f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
- Score: 1/10
Target: config/Resource.dll
- Size: 10.7MB
- MD5: 641dadbb3f03938da99bf7c6c4cc482f
- SHA1: b21bdb69a17642ade8e62fcbd779ff1bc89ea809
- SHA256: 883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
- SHA512: 7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
- SSDEEP: 196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
- Score: 1/10
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)