General

  • Target

    red2.zip

  • Size

    51.1MB

  • Sample

    240513-njpm8acc3w

  • MD5

    529a16a8f3eb780058ce4c4d88d761bc

  • SHA1

    06d60d475dc5b906a48bf6fc44a8b21451cebac9

  • SHA256

    4de1124a0c0b201907321b44ffbad15b2e2e9ad38b6ae1a833ce56f145c5c177

  • SHA512

    b70f1502c68b14085c6b16a86da4b49213d4aa5a3e34a576cb3c2a5028e0512ece411869ac11254ed4c65f6d17ffc679a4a754492cf1d02bc42b2264dd1f8562

  • SSDEEP

    1572864:QgJol5kjVEtpaxs2kwji1p/y+9aORAUo50q:5Jol5knkUi1pnFRMf

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.77:6541

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Extracted

Family

lumma

C2


Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/NgsUAPya

Extracted

Family

redline

Botnet

@txthead

C2

94.156.8.193:34427

Targets

    • Target

      13d2ddbb73b782f7ef9b539d9c2f99d04cc83536205cbdf01fcfdbda6273b93e

    • Size

      368KB

    • MD5

      746626f9ca37c0be50e5db93f8b7fcb8

    • SHA1

      0f875a14736c0015171fe52972153811fb8ecec0

    • SHA256

      13d2ddbb73b782f7ef9b539d9c2f99d04cc83536205cbdf01fcfdbda6273b93e

    • SHA512

      387ad2824cde3c7dc13e20f733008cf649ad3abe258f99c9588d868766529f6492f500ce729a9e09124459407f06d6d8c307056d45083b2714c7624c0e244d5f

    • SSDEEP

      6144:ByG9AjZTJ9Ja1HDoXU9qLShgFwflhqXvbyj3Eso75XV+kUyespx:gQA/9oiXU9qLSzf6TyjUl5XVqspx

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      248f6a88e25b649d9173c39e07ca411784d808570bec48e3d3681ea589460f75

    • Size

      1.2MB

    • MD5

      76d0db94f2de91ec32a48bd8842e5824

    • SHA1

      c616e4bf2e1effcfc7879c579a318aaa2b4aea1a

    • SHA256

      248f6a88e25b649d9173c39e07ca411784d808570bec48e3d3681ea589460f75

    • SHA512

      afe4a7380fec186f1e76bfbcc958ae8acb9ae7385020031da2e582f00630485965d7511106137edd0341752c46a8460516ddf20dc17e74e8567e3c3e87aa90d1

    • SSDEEP

      24576:DUvYi5Av55llkyRdjU3AK1Msaw1jDcgvlbipgKGs:DUwpllkyRdjULf39bVKGs

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      3b3c25930d8e5239354b72caa7636c9cd244db255f2dbdad867a4095441c91c3

    • Size

      488KB

    • MD5

      7708f942fc03661888b12d848e63be86

    • SHA1

      ce37a96ff8c2a103828b904568a181ffaaf53341

    • SHA256

      3b3c25930d8e5239354b72caa7636c9cd244db255f2dbdad867a4095441c91c3

    • SHA512

      3bd43a4bc4ce233e3c28563c222c3443ecf2d81cd229669addcafaf24d6d5115e73db80f8030169bcbc3980f043030df354adbf43d28532d82bfe187e0df78bf

    • SSDEEP

      12288:VMr8y90FONVwfOLFGj67nSaJejITycHNb85:9y7N2yFTS+t45

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      5d4ab7321bf7b95b30cc71760a54f2de7172103b782fbdbcabcc012561d0f7b1

    • Size

      1.2MB

    • MD5

      a0be480c4ef34ac1cdfa505cd1706199

    • SHA1

      751cb6f383f848e19ea27b79c8b16eb6715b0194

    • SHA256

      5d4ab7321bf7b95b30cc71760a54f2de7172103b782fbdbcabcc012561d0f7b1

    • SHA512

      70db894f5b1a17e323fa5459bc3a69cea2dab37e12d4e0963ba89bb37e25bf4928a177eeaec1a71fc9937a20aabddbad0ac60f505d11cdbdfa9a9a9cc413064b

    • SSDEEP

      24576:n843izBgywllmrXX0SRD4Ms0sZYeDBqFnKKm1+KiO6fs:n8udllmrXX0auGTKKFNnfs

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      64a91313eb50dddfb61c52017487fbcae9e2ebfc5426285d97ea6e073db0e1f3

    • Size

      769KB

    • MD5

      9bf6b90455cdafbc4f730e0d36e6f2f3

    • SHA1

      1280c19116ee65594582d39b5f35693e843eb3cd

    • SHA256

      64a91313eb50dddfb61c52017487fbcae9e2ebfc5426285d97ea6e073db0e1f3

    • SHA512

      aa93787490febd0e91e0a64a3b04d825fcf474833e9199df6029a1ec9b7ad6b00b15cce125b70e3c89c6a09ed03a549e0abef07baebd82331d19afa5b003cfeb

    • SSDEEP

      12288:BMrKy90IjoIdwRsoHBc9xklpmHUpBjdJ7pT2cDoLX3Ehmg/3acxtJxJ0:Ly0IdwPhcM3P5drMLcFJ0

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Target

      78583cb35ffed4865b6cde068216b6ee82dff5cb11522d6b1b2e33d713a21f80

    • Size

      488KB

    • MD5

      705a640fbe0831c4df98f36b96fa7f7f

    • SHA1

      3e7548269fea8c5cd47a2dc7eede86bf6fc3861b

    • SHA256

      78583cb35ffed4865b6cde068216b6ee82dff5cb11522d6b1b2e33d713a21f80

    • SHA512

      fdadb8631446c42490f5f0c558280a37cc50cbbe83011db0804ba09bf5fc63446fd40e258b4fcb43367b271a58ac45fc31a3057a9ee3a5a711b5c3cf68b7402a

    • SSDEEP

      12288:3MrZy90bPdtqjfuFm97VYglxzKlO+4aTfVoF:Cy86jGw9ht+4aze

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Target

      7adf4e4d30d94f50091e644399565b03649ebda511d61b6156728120df42193b

    • Size

      1.2MB

    • MD5

      753182443978a73ad9e3c1133a2f33f9

    • SHA1

      5af5ffed81bbc6d32f1f0fe8a70c8dcf22546757

    • SHA256

      7adf4e4d30d94f50091e644399565b03649ebda511d61b6156728120df42193b

    • SHA512

      970063df51e3f924b36154c3815161905f6ebde72fe091b933bad519919071a2f63517ad70f8e6edda51460a38377034b3180e4cb0870fa8641d90ea14070b7c

    • SSDEEP

      24576:FzRqiJH28+VpdGfVDeJhWoMsGrBsDEi9HXCEnauYs:FzMfVpdGfVDeu/4HXZnGs

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      7eeb7d5105714891b20ada945a47c8b1144bfe9a5bfd2e9d3e958da52b062182

    • Size

      316KB

    • MD5

      762643b7b23b38b8b69a3f2016aea5eb

    • SHA1

      b58e4ec7860169d3cb0ae8e7ce32b0752e87ac73

    • SHA256

      7eeb7d5105714891b20ada945a47c8b1144bfe9a5bfd2e9d3e958da52b062182

    • SHA512

      bdf4929acfe47489174b9d773faeca50b61699db844a614f3e6636f1f307bc576d771c45a8a64d8de2887d66b50cbffede9bcc761c5f001a20cc8b3973bcd7c4

    • SSDEEP

      6144:KZy+bnr+Op0yN90QE16vZrMgXGma0+qSNF1lioHpoZM4:vMrKy90vmNRGfN9pC

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Target

      85963051ece1830904f1352feb417a21d0483c9ef3735855d49b257c6278df13

    • Size

      43.5MB

    • MD5

      9de6a6858482f7b8c82bd861ea974e09

    • SHA1

      772ce6a04f3afed268695f26136337a772c76017

    • SHA256

      85963051ece1830904f1352feb417a21d0483c9ef3735855d49b257c6278df13

    • SHA512

      fd11b2455361204a9cf9d046acc2b379989e11f7b06f0add808bc2219b104ff10b772d708ab64752efbf894c281c486509d8421edebfa8c3be608e02eb8f2c77

    • SSDEEP

      786432:CVTtG42LQOiWTx/iNFcFXBHx+rEpTyfgcRMQS7bYC/vswAdlk1MUOH:CPGFM0RwcFXBHx+wgGV4ydAdxUO

    Score
    1/10
    • Target

      89b66df995df06c4b63c0874921e1da7192ea6c4fb2f7e991fb3bb68c2c25e26

    • Size

      1.2MB

    • MD5

      7caf50a3baa69d9891d00ba7e9e8d797

    • SHA1

      c467f50668d787d5757650b317117a8528d5bc57

    • SHA256

      89b66df995df06c4b63c0874921e1da7192ea6c4fb2f7e991fb3bb68c2c25e26

    • SHA512

      8a16e971dab4003c03ccff6b0ec45ada152f3fc7a73fb6252889a3e08b223c22a7c7cd06c7ed5c14880300bb10f57a5f135a3baa0bd37bd7a6f23cc4f03f2513

    • SSDEEP

      24576:FJXyijJIK8li6v93OhJjuMsYqRwDaoGlcXqua/7PVNs:FJixli6v93OrecGlcXW7P7s

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      8a339b5ec96af2011a66dc18e1650f9ce31815b69c4d565ca266ff41e286a1a4

    • Size

      316KB

    • MD5

      78e75d662eb480ae035fe13c8528db74

    • SHA1

      2140c40713fe3ec0087adb8c1d633745b4e9b6e9

    • SHA256

      8a339b5ec96af2011a66dc18e1650f9ce31815b69c4d565ca266ff41e286a1a4

    • SHA512

      f93c9c6374695c4b0fefa1ec91efe078ee2f765613f2e0621acd73947e795b702e76f8bc71cde3a31bb3caa5822aa5a338327255c60da9e93448cc6e1e284597

    • SSDEEP

      6144:K3y+bnr+pp0yN90QEn6vZrMgX3eYK41E8OBURKaJWKk:ZMrpy90BmN3rKWOmEa4Kk

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Target

      948537d5425794f4ef3525416441d129812ac5d9ef9b35f1eacccf6948e60fe0

    • Size

      1.2MB

    • MD5

      7bb8925188c2ce5686dfe17e2e05debc

    • SHA1

      b27147eec22e7fc0fda02f19b7ef5d1721e459c2

    • SHA256

      948537d5425794f4ef3525416441d129812ac5d9ef9b35f1eacccf6948e60fe0

    • SHA512

      a7938223aaa77f644bbf090b30cf57b66ada5023bd2d191d9890fb1703ba9ac444858f26614df0941828e3d47ffcd97e4915ff3f2873c3d74f1e8298ba35d524

    • SSDEEP

      24576:kMrDSiyJIK8luK3932JQ9bMsYpZSDsMxwf5GniLWcs:kMiCluK3932m65pAn1cs

    Score
    10/10
    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      9aaa50538204ad8ed2bed10632de494067e88887268d3beeb1f68815b03b325d

    • Size

      488KB

    • MD5

      c96325df97a2d3f9b536a1e4e1bc112c

    • SHA1

      a6cf2f4b20afbc1f88f0c0958bdb851e622ff516

    • SHA256

      9aaa50538204ad8ed2bed10632de494067e88887268d3beeb1f68815b03b325d

    • SHA512

      c91808e60061956ba8c53eb4b6d3e0e1dbf4684421df60e96507a2562ae5c017f6340ec47c1c0ab53e92ae73a704b3ac63a7bcfbcdd567c93501b13642f106ad

    • SSDEEP

      12288:lMrAy90pNuoRidcQyGSw75zKlOMkalTgmORsL:Nyi3161MkalTgDmL

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Target

      a1fa8776d2234540b4b06a6175a58b01a25370868f808e796d7bcbfdfeacebff

    • Size

      316KB

    • MD5

      78c5fed6720bb71a532cfc30f99a1ae3

    • SHA1

      de307b619e6e40f9ebea86a79fd3af1b6d8f02d3

    • SHA256

      a1fa8776d2234540b4b06a6175a58b01a25370868f808e796d7bcbfdfeacebff

    • SHA512

      34cff8dac371277878e88971060be5df1ab7c51fa829f91ba09dba1f5e8dc119b466aba95586fd25d589f61c054f6d434a8b09176006a6a6e3e4257c70dcc5ce

    • SSDEEP

      6144:Kyy+bnr+Bp0yN90QEo6vZrMgXGma0+qSNF1liCHpDZ7E:GMrVy90SmNRGfNLpe

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Target

      a4673ac7aa51c8f5ddda3a7edbf21cc12faacbdd4a054ee01df67f27a5332b63

    • Size

      332KB

    • MD5

      730c825ae8e2c429cba254b5e32680b7

    • SHA1

      0d46cf88949e563c39cc54cca39f3d531a4c490d

    • SHA256

      a4673ac7aa51c8f5ddda3a7edbf21cc12faacbdd4a054ee01df67f27a5332b63

    • SHA512

      d793da8e047dbacfe18beec057a979f27324cf01d9a68b3dc3c7271beb3311d1f630e0b06403cfe641ea9e39c65f6178e77aaf0326efaf6aaa0b57755d2c2aa2

    • SSDEEP

      6144:61xw5f7Qjiz+osPz6Z520DbS1RcyghaS41temlVy5ZUOA8sb2DvvK+0Xp:6fZjs+osPz1YygYSWteCYZUOA/2H0Xp

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    • Target

      a6784f4b550acc54cc3376066858e706933e32e7c275b9b79acf346dc3cd3da5

    • Size

      488KB

    • MD5

      7a5c3e1e5f4b6babd35faf0480dd409f

    • SHA1

      7870f67f3efce145f0e49b4d85b99bea3a7a6283

    • SHA256

      a6784f4b550acc54cc3376066858e706933e32e7c275b9b79acf346dc3cd3da5

    • SHA512

      b46eb02d9a71a09e28e75f084c2536d8a895d0571097a6477fa8be6a34594a8af12cb2de597dad38a3a5023abbae51226644bbebf541ef0f246079e982421806

    • SSDEEP

      12288:9MrOy90vu/z2ejeR85fhKj5bKRzXN+CZz+xQ7Xjbs:nyvfeSHKN+xd+G+SU

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      c81bc7831eb8bf73d67379be4d3b03944fc18873944de10d1e02f9de54dfcc44

    • Size

      316KB

    • MD5

      7a2b8d9dbb08338b078c2270b66010c0

    • SHA1

      c15580da05915a08bf6065adbeacbaf3dc0da348

    • SHA256

      c81bc7831eb8bf73d67379be4d3b03944fc18873944de10d1e02f9de54dfcc44

    • SHA512

      33cc67f35e3da6b7cab3f2e4af72134c49c953ceb7b520628a3b219bcdd42d9ed865ad486d045364d201d33ff49caa6758ac67bb1c895e09a3615b7d9da99946

    • SSDEEP

      6144:Kmy+bnr+Vp0yN90QE+6vZrMgXGma0+qSNF1liDHpgZ7A:mMr5y900mNRGfNmph

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Target

      db203dc135d244a9cc17433853b7a56001547d4cad091ced993ce64e9ba1250c

    • Size

      1004KB

    • MD5

      9de1ede890852d25d1a9a37561c85881

    • SHA1

      823df077b48e0fc84a398a3081037e29ae9e636c

    • SHA256

      db203dc135d244a9cc17433853b7a56001547d4cad091ced993ce64e9ba1250c

    • SHA512

      c416064da1ef2048a0940bba408d41c5c79ab2514f078ff7ba7b6d72c01fe8fb43ed703aacaa4378e0c4670a5f325d8b8a78cf5c0f8756ebbe78295ea8049a34

    • SSDEEP

      24576:L+KwiEu1zBt9qQ9fzrNXZMsCunBDwrqGYErtVs/t:L+/gt9qQ9fzFNie1es1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      efd353ed4e0d760b81c28296fd5aa7a67776e8b003d5edc1e7479f6efd721dec

    • Size

      316KB

    • MD5

      7498fd1b89e795947980b4d0a33ef463

    • SHA1

      3cc3c3d98acade1fcc157c8913b1b8e673618c8d

    • SHA256

      efd353ed4e0d760b81c28296fd5aa7a67776e8b003d5edc1e7479f6efd721dec

    • SHA512

      15442f85723457e867531e5dd3b47273d9cb5a7d83402d95f9cba7088e8ee3b155f4b95f510b316ab1497a620cfa6ff1d1c5fc123b5a1743bb78d0b621e55312

    • SSDEEP

      6144:KRy+bnr+9p0yN90QE36vZrMgX3eYK41E8OBURKaJ8:7Mrdy90NmN3rKWOmEaa

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
3/10

behavioral2

redline, zgrat, discovery, infostealer, rat, spyware, stealer
Score
10/10

behavioral3

Score
3/10

behavioral4

lumma, stealer
Score
10/10

behavioral5

redline, debro, infostealer, persistence
Score
10/10

behavioral6

Score
3/10

behavioral7

lumma, stealer
Score
10/10

behavioral8

redline, mixa, evasion, infostealer, persistence, trojan
Score
10/10

behavioral9

redline, debro, evasion, infostealer, persistence, trojan
Score
10/10

behavioral10

Score
3/10

behavioral11

redline, zgrat, discovery, infostealer, rat, spyware, stealer
Score
10/10

behavioral12

redline, mixa, evasion, infostealer, persistence, trojan
Score
10/10

behavioral13

Score
1/10

behavioral14

Score
3/10

behavioral15

redline, logsdiller cloud (tg: @logsdillabot), discovery, infostealer, spyware, stealer
Score
10/10

behavioral16

redline, debro, evasion, infostealer, persistence, trojan
Score
10/10

behavioral17

Score
3/10

behavioral18

lumma, stealer
Score
10/10

behavioral19

redline, debro, evasion, infostealer, persistence, trojan
Score
10/10

behavioral20

redline, mixa, evasion, infostealer, persistence, trojan
Score
10/10

behavioral21

Score
3/10

behavioral22

redline, 5345987420, discovery, infostealer, spyware, stealer
Score
10/10

behavioral23

redline, debro, infostealer, persistence
Score
10/10

behavioral24

redline, mixa, evasion, infostealer, persistence, trojan
Score
10/10

behavioral25

Score
3/10

behavioral26

redline, sectoprat, @txthead, discovery, infostealer, rat, spyware, stealer, trojan
Score
10/10

behavioral27

redline, debro, evasion, infostealer, persistence, trojan
Score
10/10
