General
-
Target
red.zip
-
Size
13.0MB
-
Sample
240513-nfyfysca9x
-
MD5
12204767a7b996c0c1c39e4ee316cd34
-
SHA1
f1a95abf5ae054faf2e944963d225abdb961b83f
-
SHA256
4aebbb23d160253876cc3a93c7cc31ed0c48645ae04070345bb5933ed4efee04
-
SHA512
97e66a5cd7ab6021092d785beb7a90987ffffce55754d33e6d00978b1771ad05c68a79b001cfcdc8e8077b6026f51dfc7d4f99a435db2ab7ff9a373b875354ae
-
SSDEEP
393216:w62NavYqKEfgRfKmdKk7+N+EE//FWwRhSv:h2YnKEfcfJKDN+L/lM
Malware Config
Extracted
redline
debro
185.161.248.75:4132
-
auth_value
18c2c191aebfde5d1787ec8d805a01a8
Extracted
lumma
https://zippyfinickysofwps.shop/api
https://acceptabledcooeprs.shop/api
https://obsceneclassyjuwks.shop/api
https://miniaturefinerninewjs.shop/api
https://plaintediousidowsko.shop/api
https://sweetsquarediaslw.shop/api
https://holicisticscrarws.shop/api
https://boredimperissvieos.shop/api
https://sofaprivateawarderysj.shop/api
https://lineagelasserytailsd.shop/api
https://tendencyportionjsuk.shop/api
https://headraisepresidensu.shop/api
https://appetitesallooonsj.shop/api
https://minorittyeffeoos.shop/api
https://prideconstituiiosjk.shop/api
https://smallelementyjdui.shop/api
Extracted
redline
@mass1vexdd
45.15.156.167:80
Extracted
redline
5345987420
https://pastebin.com/raw/NgsUAPya
Extracted
redline
mixa
185.161.248.75:4132
-
auth_value
9d14534b25ac495ab25b59800acf3bb2
Extracted
redline
mazda
217.196.96.56:4138
-
auth_value
3d2870537d84a4c6d7aeecd002871c51
Extracted
redline
5195552529
https://pastebin.com/raw/NgsUAPya
Extracted
redline
5637482599
https://pastebin.com/raw/NgsUAPya
Targets
-
-
Target
0691b5a648eb75146ff1c98264b40a610cecafe4f5a7c2399c6ae1e3ab936d08
-
Size
316KB
-
MD5
acf2f1e7608dff6d13c0d7eb977d8fae
-
SHA1
521b70268d2d9ee9b88d92e018cc0b1e1617c2b5
-
SHA256
0691b5a648eb75146ff1c98264b40a610cecafe4f5a7c2399c6ae1e3ab936d08
-
SHA512
5ce95cd430ef5c5694cda6c9915d57492b9cc4b41880fc518eaeb4d982f9d4c0bc0e2bf40b58b207af77eadcefb4af7a03f8a8854a81d2592a0e2fcd48a0fa60
-
SSDEEP
6144:Kyy+bnr+rp0yN90QE296G62nMnLfkhst2o9geNBdlabNE6K:eMrny902g2MnLfBx9gYdlZ
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
16d27a379dbe8520bda043bbfb54345238cc93370956b9d84ee176d2c0c4e90f
-
Size
368KB
-
MD5
acf00ba6611d25c3f9f7777c3cb4b49e
-
SHA1
56f53d9095de9d929e2379b0acf7aa69d1fde834
-
SHA256
16d27a379dbe8520bda043bbfb54345238cc93370956b9d84ee176d2c0c4e90f
-
SHA512
1f863a110b9c98e926f0b8fe42c901a8aeb7795c1e8572686657172db40c1e31bd092acdd1c744da1c69695517e095d4d836eadaa733329336b2eea6e853798d
-
SSDEEP
6144:hu1A7hbi9pF70Q3tC3elH5NbWip1OmNoE69/6wA/LjFL93+spV:hQA09AQA3ekc1vWFHM/VsspV
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
2142fb28cf11eb0432f24155b8ceb9e5840f95098250d6398ddef4cd637e467f
-
Size
6.3MB
-
MD5
a44c2b3293d3a571dd97135f7597eabd
-
SHA1
aaf0af62fda44272763977da40e933f8899d453d
-
SHA256
2142fb28cf11eb0432f24155b8ceb9e5840f95098250d6398ddef4cd637e467f
-
SHA512
0a5512fdd36e48ab363c6e6a0e1b275c0285261461d265284e7f18bc46c3c5ef8f59469dfdfc19627c49be3238e0e481ba846fff713b5ea4051e15b351e3b827
-
SSDEEP
196608:cUSPkm7ChnGtmpSgSfvsqRCEgiY7N46kYmDw:cFahnGIEgSHsq88YBbkBw
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
2590c6aee0971ee73ddf13b31120ab5a7a7268c588bc55a8fe221b203913c447
-
Size
314KB
-
MD5
a2e82df6d2a9597325d8523d3625b7c9
-
SHA1
1a5bf994f2bc9c0cd810e94776a3fc480f5d7f3b
-
SHA256
2590c6aee0971ee73ddf13b31120ab5a7a7268c588bc55a8fe221b203913c447
-
SHA512
1a89b7a438d12b21e4c2b2b9afbc348fcab3bfbce86b03ae49b001a5a184ed911cbf5f484da987c23957fec7afe9deebfc815215ef956bb3a8edf692a000eb10
-
SSDEEP
6144:znnpI60nbM8uPZy3+8KIDx7uVKBrC27XXJCWsgg5DeQhNM9PXHS:zn+60nbnuK7I+rC0XX4gg5CQhqHS
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
2dfb67bcafac71d947152f3ae70d7dd3d30e5a77ca43c4558c19f55b5f02e20e
-
Size
368KB
-
MD5
b33780913a2d542673f0cbd14de5f97c
-
SHA1
407d2d6a9ba1c5d7539acbac6438c7e8047d2413
-
SHA256
2dfb67bcafac71d947152f3ae70d7dd3d30e5a77ca43c4558c19f55b5f02e20e
-
SHA512
3f1c4ab43c9e9f903d1eb1af367fa3415cfce7bd8643d76147150e427efcb60b3ee22616a40884e58b7f975e40f44ee75bc076aeef32b7a73924e84c9bb0b7e3
-
SSDEEP
6144:dyG9AjZTG9JUxp97Yt+bosEpu5u8iIbjl1ljeHsZtHd2yM9MsE20I0deP9Hjnz9A:0QA49U976+bpVM89jGotHdrby0I0deNG
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
37da8385b8545a46ada63ea355787a5c8f960005b8a67b59b4d5a15b68cb239b
-
Size
527KB
-
MD5
a7b527525a2ddd48a4d9ce1e274d843f
-
SHA1
7febe665d9db563106eb6bd2da7992497d3d606f
-
SHA256
37da8385b8545a46ada63ea355787a5c8f960005b8a67b59b4d5a15b68cb239b
-
SHA512
4c60ef10abc74bd96b00f26702921a28a84c6875983ceddfc615d0410740add0124f5771e17e925f4b5cebee9e657de3e215b8d922ea08e04480e0ba04229b7b
-
SSDEEP
12288:Cx6Wpqk3I596ygL14/mYphofsHNwlHajt9TQ3FXkScY0Xp:Cx6g3Ie4eYnofsHalcTofk
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
3aaf26e7fbf94654768907baab049ff6ada8d0d322c14bb24ab75c773e959153
-
Size
1.2MB
-
MD5
b3e893115079ca21010521f60ce27bcf
-
SHA1
43d7a8fd46d6d53872cfa36ae8dc83357081d096
-
SHA256
3aaf26e7fbf94654768907baab049ff6ada8d0d322c14bb24ab75c773e959153
-
SHA512
bd4d706767175ee211e5bb4af497e406ddfd9ac1686e14f42320f4396c345a608fc5d1c722950bcda331fb09228f1c36fbaa0b0723e75b1032ff52b7464eb5bb
-
SSDEEP
24576:LKxSiAH280V6GfVDeRLp0Msk0vqDfoS/sQlhj/uVksEoQJs:LKwOV6GfVDeXKpyeVkfoQJs
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
40299e478c5574c9885cb5e6bfc296fb6e5171f6db34d00a0414ecb2df18cf3e
-
Size
1.2MB
-
MD5
aff0665e17c12aa29dec669126e6d1af
-
SHA1
bae24f23b3f6304cc69bf7b075d5a2ff9a6d2f4e
-
SHA256
40299e478c5574c9885cb5e6bfc296fb6e5171f6db34d00a0414ecb2df18cf3e
-
SHA512
a040eaae7da4c9d4fc15bcb96254fb6b494051f7df2a6423c9a37f8fad5d47c612d7aff84e1cdf00299da20424fc69f5bfa9aeaf176a45b814f1b9e90fd0940f
-
SSDEEP
24576:M0HCiCRQyElua/tXuRE2AeMsY6R4DotSo5wMHQ3w7HNdHs:M0iylua/tXutAuNSA1HQ3wPs
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
55b18033bb16a6ebd933d4b24c7828c19ea0ec0937cbb06be066053c204d9753
-
Size
469KB
-
MD5
051f65734fe5b3908b4e8c8810866caa
-
SHA1
c94cfcbd18c595495d8851679c3a7eb6e6af1ec3
-
SHA256
55b18033bb16a6ebd933d4b24c7828c19ea0ec0937cbb06be066053c204d9753
-
SHA512
8a4770ca61f2a3f42631f61b55f256e362bb8c6766566ee6a1c18714d6e5f3f5590a1bf01f6d4ac0be80077c5a306acf6ed95338e0bb0731c35a352386f35b8a
-
SSDEEP
12288:ulBmU+zoOXc065zzMWv9yT2EyBkXoGzud3Kiz7xhGupT:M6zoOCzzMWVpEyedyd3/xhlT
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of SetThreadContext
-
-
-
Target
58f1ac441f84bfb9b399de0d2b5fadbd5b9a587d3eea89f1c3de6ea2ca83badd
-
Size
333KB
-
MD5
ae6678ff462f880f64079c14e42a69e9
-
SHA1
f43ed9349db0e1361063dd2a87a90ea765130c34
-
SHA256
58f1ac441f84bfb9b399de0d2b5fadbd5b9a587d3eea89f1c3de6ea2ca83badd
-
SHA512
e13df0245d6d363d3f0b83adf4ec698a2a6c07666faf59eba5e131179451f2047ce91a6a1515c1b05272043f6dcd769bbf212c603b35cdd854d0b5c729cd9e83
-
SSDEEP
6144:al5wh/1grC64UHVXwDMsFGbr195RQyghMuHsf/YqG0c9sHHAjBUGI8+0Xp:aHrrC64UHV6DygWPf/2h9QHAFUGm0Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
6f9c093ac13bacf5ee4d2f6df94ed7894f1a56e23ae8944e372d28594a63a5fd
-
Size
488KB
-
MD5
a6eedf7cd3a83e253f03dfae2a818f7b
-
SHA1
e4258db32a71762702b3dfef77d8847d07d3f473
-
SHA256
6f9c093ac13bacf5ee4d2f6df94ed7894f1a56e23ae8944e372d28594a63a5fd
-
SHA512
066edcf8e82768db19476ab355f4ba0ab8d0516fe595d998db2391a90622afe4776536459cc966820cdecb9aeef913020a17a648e9186bc6f8c6a993f4d996f5
-
SSDEEP
6144:Ksy+bnr+Fp0yN90QEoN5vkW6nZNNhX7PSL0pFpC/nssma0AqSPF1Hi4HpoZManUN:UMrBy90WMRzpFpS24fPrpnNyOSrC
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
88157ed09f97ab5ca5535ead13e3569dce0a8950a32560e305aac06f62193e7d
-
Size
769KB
-
MD5
a95423a4d05d9c253e79699be515885a
-
SHA1
6ea8cc57823732bdba8f89aa89ce050f004462eb
-
SHA256
88157ed09f97ab5ca5535ead13e3569dce0a8950a32560e305aac06f62193e7d
-
SHA512
f54d335b33e26959d588803f45b04905b3507d3a1bd808a1e5cef7d282427361323d42eb0f83ec1300c87ced08fd03ba991e4215bcdb52c9fb11c0fb388a4dbf
-
SSDEEP
12288:QMriy90n39u2FrIFe/8qNJuzVDLBYrsELHbPoD4XpRuI5SMltyJ7v6itsHR6rT/f:iyGt3NOxNPELH0DoRt5bjyJ+xQT/f
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
8e29739d0db64de82f2c1386f8ba689ab31a3b0c457102386884ac03967741c3
-
Size
642KB
-
MD5
03a628bce13a7a6f73b78cb27748c83e
-
SHA1
3d36b5043c005536607692cc3af271a95dc354f2
-
SHA256
8e29739d0db64de82f2c1386f8ba689ab31a3b0c457102386884ac03967741c3
-
SHA512
26264798a9a32453c10acdc1f4941bcc795a18142ba8a71566c4bd7d3707dd6d403be2e8ac7b8f9f3ea372847ad3844b84bbf20b8a14f88968bd92d6bd51e344
-
SSDEEP
12288:dMryy904dpX1N0hhzV0V4UcBPHQrh2picnKvDqkEvjlJK:zyd1N0TV4tvrh2pvKvDqxvrK
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
9a9db30ba757d584222fa4ab88b6873356c849e54cffa8d799e5b7ffe07ec8e4
-
Size
316KB
-
MD5
a5c39861500c28805e6ade5c84f92ad5
-
SHA1
d132861bc0906ce6bd65c4222ae53fdb24251592
-
SHA256
9a9db30ba757d584222fa4ab88b6873356c849e54cffa8d799e5b7ffe07ec8e4
-
SHA512
877d9af8f10812356227e98b576d3ff89164f248fda0049b88e9d14217557fbad45a42f6901203d522dae5516530c76c439c30cd5e7d10189a01ce8c6c19896e
-
SSDEEP
6144:Kjy+bnr+Bp0yN90QED6vZrMgX3eYK41E8OBURKaJWW:5MrZy90hmN3rKWOmEakW
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
ab51d9c4b8773d3561e66fa4e023cbf994e54983899c6f7ab6be6376f7b72c12
-
Size
488KB
-
MD5
b1b9d26a85251aa0a9ba2f4fed72b654
-
SHA1
a3599ca05f6eb0e29f78f3f54b6426cb2630089b
-
SHA256
ab51d9c4b8773d3561e66fa4e023cbf994e54983899c6f7ab6be6376f7b72c12
-
SHA512
80ac12b03dbcd97247a0367e76f0c9aff0bc94e34aa6dd0cdf716d895c13f18563543a0d3dbabf2c0271eb131dff18e205beef5d6e8c2392d3253b8a8e19e37e
-
SSDEEP
12288:rMrYy90OttXntMhYj8DuxEFzKlOICafiomBnESj:ry7+Yj8yyRICafiols
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
b9493d5cc0930bdb4d765895c7f96f17a60376cf6cb7c307d5ce109cdf2f739a
-
Size
230KB
-
MD5
06bed703d447c629f04ebc44a2286847
-
SHA1
e80a2cfd33a52acc2c7ffb03ab32e8ff25cce28f
-
SHA256
b9493d5cc0930bdb4d765895c7f96f17a60376cf6cb7c307d5ce109cdf2f739a
-
SHA512
88aeaca5f59a919caa71a1a046fa2c0d189cb50a43b435775a66648d7a4707904932607cdaf0b31f6e4f4a76b33117d064319bb9acebb705b1a907d47f75e0b0
-
SSDEEP
6144:3fqzOQ5ZB35YbVGqe4QmYrZGPKliFAW4pv:3fqzF31q/QLLcz4pv
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
d5fab2df2573b325234d7158536a2632bfebcbd8c116b7e4784114559f5702eb
-
Size
488KB
-
MD5
a9ee14bcd39847959d6c3afcf70eb1a9
-
SHA1
af1f6313b1cf46e3f68097b95ad89e2db179d696
-
SHA256
d5fab2df2573b325234d7158536a2632bfebcbd8c116b7e4784114559f5702eb
-
SHA512
f138d2244af4e462d49ac3aeffc53beaa411906fcf90de7ad3910f422b715d846e84ac703793a09be0e36d6f9c5b7682f21c8bc4502ec3447c97d84fbad12fd5
-
SSDEEP
12288:oMr8y90i3LsOVdHNlkzKlOJXaAKpYReJaTCe:UyV3wKwJXaAtwmL
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
fab3fc05cf6e40858439b8dc76055605de0c9972d56484e87b85a43dc73a3079
-
Size
488KB
-
MD5
ad6e1c1e1c90e8c7d47449ef6e11cfe8
-
SHA1
2c1a4d3daad38cc5913bac4792b296e55788b4b1
-
SHA256
fab3fc05cf6e40858439b8dc76055605de0c9972d56484e87b85a43dc73a3079
-
SHA512
c33749f8ad3b6eedb78290a32dc3acc06f70f0b1f07931c6b4de88fd211b14bcae7138bec1d2b86c45582f1275ab9b11c569b33052e691c44b55699fce7163c4
-
SSDEEP
12288:tMrGy90qxQrUY75LUHCECp0zKlO8Wa+zeAJ6:ryB2rTlU408Wa+q3
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1