General
-
Target
red.zip
-
Size
7.6MB
-
Sample
240513-nyc8qsea58
-
MD5
d77ceed21d6bf4240fee5e5d6d945894
-
SHA1
6c14f37490e67d3cbb9c6037b3d5cbe2d0f70427
-
SHA256
15da805913716df9c587eca175c626571489f023cb679b69ed646c3e95ab5567
-
SHA512
7b780f25c5e19f116609449a4f03cab5a736caeadf9d9a7e995b034a3368a4c4efff6c7db604883f87487c7977292fa60603189cc2126ad3fc542100ad183b71
-
SSDEEP
196608:XsIAfs0VMG7acrRRcsxwE+sFKb5NiNpcq2gp9MjLnEZpto7:Xstfs0VMJ8oXZse5NiNX2U9GEZo7
Malware Config
Extracted
redline
debro
185.161.248.75:4132
-
auth_value
18c2c191aebfde5d1787ec8d805a01a8
Extracted
redline
dermantin
94.156.67.67:21424
Extracted
redline
mixa
185.161.248.75:4132
-
auth_value
9d14534b25ac495ab25b59800acf3bb2
Extracted
redline
5345987420
https://pastebin.com/raw/KE5Mft0T
Extracted
lumma
https://sofaprivateawarderysj.shop/api
https://lineagelasserytailsd.shop/api
https://tendencyportionjsuk.shop/api
https://headraisepresidensu.shop/api
https://appetitesallooonsj.shop/api
https://minorittyeffeoos.shop/api
https://prideconstituiiosjk.shop/api
https://smallelementyjdui.shop/api
Extracted
redline
dimas
185.161.248.75:4132
-
auth_value
a5db9b1c53c704e612bccc93ccdb5539
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.77:6541
Targets
-
-
Target
0d6ae7d3e5be5821154ac1fc5dc59650e00747b98e72de05210778baeb492046
-
Size
769KB
-
MD5
b940cff64bdb2a0d0e1d6152eb5ef29f
-
SHA1
7ae2b67467336b2b48f0844fca241300a1c0e7c6
-
SHA256
0d6ae7d3e5be5821154ac1fc5dc59650e00747b98e72de05210778baeb492046
-
SHA512
4470e4261f05404453477988e6229cb26f2ccdf68c91be519083c1de0a96d931b53a6483951117ff30fe2526df92060939923e786dc9cea42e5c51eff1b6f505
-
SSDEEP
24576:KyBySnIX1iI3LSYB5afKT+J2SQnliiCY:RBySO13L9T2KTQ21d
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
14841ccb83b8a3938282bf27ed0477e96b335c197b99c0745c4458eaaffd2675
-
Size
488KB
-
MD5
b940e87779e0ca65191e5bbe42eb07ed
-
SHA1
3174c71e7342f7d7a8fa0dcb97d08d4d5ec09358
-
SHA256
14841ccb83b8a3938282bf27ed0477e96b335c197b99c0745c4458eaaffd2675
-
SHA512
14efb4d21f4c790ccc1c2f7c57987beaa93c658f445904eda469b62be672756fb489e38b392c8e3dc746d60644ac5f91accd10f89156a218e9cc9a49d1b44245
-
SSDEEP
12288:0Mr5y90ev0/vEizqfMx4fi9pJqdIjNMmuZbn:Nyd0XESyfST+muVn
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
18e108c298d2a23bcafda5d40c21ffd67b48c2f5429a8b8f5864e593a83eb424
-
Size
1.2MB
-
MD5
ba43a528f7fd3adeb654275bdc4ea190
-
SHA1
ab793efc8a0f94623c5245e0c96aaad56dad1f25
-
SHA256
18e108c298d2a23bcafda5d40c21ffd67b48c2f5429a8b8f5864e593a83eb424
-
SHA512
fbfe187af23227e5778e5cee956f8649a0c93beff29e0647aedaf1feda17cd6c020254369f27b9d919f159e1d5160a3cd5e93f24a3db474ec84910e3e2bcc558
-
SSDEEP
24576:SJXqijJIK8li6v93Ohh/DMsYpJiDR9fM2EgtyPs:SJ6xli6v93OHS+02Els
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
29458026160d87414595e05c8bdd81a3b5dd948821f3acc4531a2399f9572790
-
Size
316KB
-
MD5
c1fa4d7116f1f4ed68bc4ede8f0d4324
-
SHA1
e53a72d74ed0a5cdcd25d31bc2587c47b473dba6
-
SHA256
29458026160d87414595e05c8bdd81a3b5dd948821f3acc4531a2399f9572790
-
SHA512
e66d57fa6dd0e997f3f79860dd14773df52e9fa95194d63169b74b406e578b5e946c0627e39581fa122e48cf2fb6f773c447852b716e906d5e55922c751ed99e
-
SSDEEP
6144:Kgy+bnr+Fp0yN90QEQ6vZrMgXGma0+qSNF1liaHp7Z76:AMrZy90SmNRGfNTpM
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
3278025d1e04a04ac2f71eee12369519dc740aa56b0c1b1c3dcb1b7aabb05683
-
Size
316KB
-
MD5
bd39cf13e2ab6edeb723846ac6c64043
-
SHA1
2964830d116bab18d0b3577d3f8bb412b521531f
-
SHA256
3278025d1e04a04ac2f71eee12369519dc740aa56b0c1b1c3dcb1b7aabb05683
-
SHA512
2ccee99d9c799574162a8fcb005087be2a99cbecedca29608d6c72120a36e2d57aa7f443ac28804f6e5ab71d9a4999a0bc0082a549597a06e71e917d164ecd99
-
SSDEEP
6144:Kmy+bnr+Np0yN90QEa96G62nMGYFGOke3xBhi+hJmdNU16JO6+kH:yMrVy90+g2MRFGgThi+hQdNRLv
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
3977873bc268ae6753444ae27567678d7b4f321c373d4aacda1270a4232fd045
-
Size
488KB
-
MD5
b7c4563fa302629d4ebcf1f4048cc461
-
SHA1
9d329d67b692668e3d703cb506773bde5ef15de2
-
SHA256
3977873bc268ae6753444ae27567678d7b4f321c373d4aacda1270a4232fd045
-
SHA512
723267956cd1cc13c5545772fbc6827e9303321be7975c1f812a9598b6bb624a16c2814c07af2701d47e01cf7ef626f2bf7d06224d8456d873e29c4bde9b6f69
-
SSDEEP
12288:EMr1y90oGSWE26NkBjo4f9fpVpvkKJqLE:JyJ3N0nfrV7QI
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
3ee99efba0a08acf1fb339b90e092de6608570d79e9eab1c5b99e8734c43eb30
-
Size
368KB
-
MD5
bab4b0f37de3c278af5a7709e98672cd
-
SHA1
6b382dcdadacd3b98c4fe2851b9b7cc3e92507f4
-
SHA256
3ee99efba0a08acf1fb339b90e092de6608570d79e9eab1c5b99e8734c43eb30
-
SHA512
ef5f03e1ff39b0e6371f684655e5023dc437cd38f5145c5e070d0fbb3801aa967b5bfa7c74030b178564bd22d1287738b12b2c1b58c8880cb0a5d94aaa8ed0f7
-
SSDEEP
6144:BOG9AjZTg9JRdYLdiYFv/hiKGWDDT7IKkttUyAYLJonoTHwg+spt:UQA+9IvAKtPQPxlOno6spt
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
4111ebb7fae57f66063a32adb1209c583eab0ef408bb86ce4daf6bf2884c1225
-
Size
1.2MB
-
MD5
b7a68c907aedd472561612e4c3349bfb
-
SHA1
84a0569640f30c74b1109f13aed881f4d1fdbfc2
-
SHA256
4111ebb7fae57f66063a32adb1209c583eab0ef408bb86ce4daf6bf2884c1225
-
SHA512
1b14117e9b58a07ad26270e83aa90510f2febaaf6e9889c68fabf961205ec9890f45db5f5a41100df12ace34475205df6aeda28470a48b68b276cfb336b34252
-
SSDEEP
24576:yBXCi7JIK8li6v93OhlvTMsY5BeDU8zwcXbig8mqOs7s:yBSJli6v93OLih8z5LIV7s
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
5f784993eb49400b6627e2bc0859e4246e62553f43f1479a65970f34a16765f4
-
Size
488KB
-
MD5
c627279a62524fb565ab6f7276d732fa
-
SHA1
40108ea192debc9e222f74ece2675088a499a266
-
SHA256
5f784993eb49400b6627e2bc0859e4246e62553f43f1479a65970f34a16765f4
-
SHA512
fdcfb05f815c0f54feac84dcc1e3d7ea94616e07d07c6c14783395c4c87a8db0e718b4ca02e6d4289a04a5d2e54ce5e55f6c0eb24489c3521d879dd0cf93fb31
-
SSDEEP
12288:pMr2y90uFg/8qrJuYVDUzYJsALHSc4f4Apwwz5SMutyJ7f:rygrVxWhALH2fDwY5bOyJj
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
614cff559007c756d485e21c8344fe2ac72354f9e4af563e870926f665edb39a
-
Size
770KB
-
MD5
bd6694c7f76fdba409fc12ba82452d8c
-
SHA1
f079703f5a5c0e84c2eef5a5d51b2fd211d0a27f
-
SHA256
614cff559007c756d485e21c8344fe2ac72354f9e4af563e870926f665edb39a
-
SHA512
f96d600abd6c2607607d3e92c0347ca20d7c0f3fa1c1e0b09d0426de9ddae3340abb38e6fcf31d9f28473e98f548460a0cc7d1c8414cf0a7390c40a967cb002a
-
SSDEEP
12288:mMrxy90t+1umrLE/nguxpZ0lNlMGhoX/cBtT3vHoMGcOFTUcXn4:Hyc+1Bq7mMv+F3QHRFTq
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652
-
Size
315KB
-
MD5
bf89c72f6388b3884699e8081c8314c4
-
SHA1
587f7e952669cc84756181deff315132cba078d4
-
SHA256
6286d393c93044fd5b8363ccad5324fadfde3e3d9b340ec908941eab3fe90652
-
SHA512
fa90330bb2e3a16579de6ae76bda2371b7e18e246ebcaa7432d010f2743e944bbf5e494941bb2d3192cc4816fa97e64cefe31f61817cd6cf18b38e9cc81b02ce
-
SSDEEP
6144:pR99pI60nbM8uPZy3+8KIDP3uSEykJUxDyvPH3ef5AvnKXHS:pr9+60nbnuY3PEykJ2M3ehAsHS
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
6db47e78576c4401e9d49332fe0479198b85c1913b8a65624e06be057a343bad
-
Size
316KB
-
MD5
c13ab6261c8e7b7b6174fb70648b1d0f
-
SHA1
1c74fde2abadc91323c2b67cfd4e7f6fcb6af361
-
SHA256
6db47e78576c4401e9d49332fe0479198b85c1913b8a65624e06be057a343bad
-
SHA512
daf136cdce7e32781e8ca92685bfdde573332123922331c82fadbcc096f64dbe662fc31e7907e57d488c7ae650593f8cb67d92d70ce89621490448d662e598d1
-
SSDEEP
6144:Kvy+bnr+hp0yN90QEY6vZrMgX3eYK41E8OBURKaJZJ:lMrxy90emN3rKWOmEa/J
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
a0808edece606fc3c1a99c4b3de0d8a52146b27ab322c37bac9a2d6b917694c8
-
Size
1.2MB
-
MD5
bb41d5f97d231a988fb04438808e0257
-
SHA1
e48735903d4bf5c9b24848cdf1bb5e1368ee27ad
-
SHA256
a0808edece606fc3c1a99c4b3de0d8a52146b27ab322c37bac9a2d6b917694c8
-
SHA512
916ccd86d49de6863e666e7622e0b3322d6506feaa68db86b15e28c3c6e2dc07769adb24b206d0c04e0025c37110bc2c105934638a30d397e64cff3e0fdf5a2c
-
SSDEEP
24576:m7Tti2iBHFlaamX//waFYMsaFn7DET0B0m5TmOus:m7RilaamX//7BI0B0mgOus
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
a510057561b44d36bd440745b4ad2a685c2d3db022032dc54586c96a3cae4896
-
Size
769KB
-
MD5
bae0e7cc8632ec0d3567370dbd9c1888
-
SHA1
097e313faf79ed043a66e80f181303d3156291df
-
SHA256
a510057561b44d36bd440745b4ad2a685c2d3db022032dc54586c96a3cae4896
-
SHA512
a3f5598565af81f2c5c485dde39705011db7a1572ab437c43a73116c4063a5a6932842315ced8c4ac1aa6f2b64a0c162830143c098ce9c372517560c253fdd72
-
SSDEEP
12288:hMrvy90390YhABZS1mX5sMfUnpJrvfKMJjeFGKcBKjiNJ93UOEknWR4+:ayIPhABZQm1fGJLKM+GLBKjmnnNW++
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
d5f7db438217721663938572626a0da7dca7a55289f9e3f27849dc176c1d7570
-
Size
316KB
-
MD5
b5adb49812a5bb1c30c1fd2e1a53a3a2
-
SHA1
c1acbb3aeeb052734fe08c09dc80b9492a8ede80
-
SHA256
d5f7db438217721663938572626a0da7dca7a55289f9e3f27849dc176c1d7570
-
SHA512
336740401f5c1f1f5fa40ad1a16174d57c3b12739c07e0dad616dda7aa722f7d2d3f116cfd7efc0b54cefeccbab401c62392c346609bf59f240a83a059d9d981
-
SSDEEP
6144:KBy+bnr+9p0yN90QEV6vZrMgX3eYK41E8OBURKaJ2KV:rMrVy90rmN3rKWOmEaYKV
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
da4db9abb9d0cb7a316fb229c93429667dc9006f687abf34a56c3627b86536ce
-
Size
1.2MB
-
MD5
bafb91181b008d29d93cfcda09d0cedb
-
SHA1
3b8ad0192652c669743a5791436721f78c676b9e
-
SHA256
da4db9abb9d0cb7a316fb229c93429667dc9006f687abf34a56c3627b86536ce
-
SHA512
9bbcc7b3c7ead621ebd2aadc8c584e91829f874725a8f14c4dd00a27e6ecd974acf97f0d1969cc4b5a369f7895dcb304e89794384ac80be1c6c05282e4bf2065
-
SSDEEP
24576:vKxiiAH280V6GfVDeRzFZMskrfQD5/tMHxh0ha57CQ1W6/s:vKAOV6GfVDePe+6RhL5A6/s
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
ebfcc654cdacff2dc1478f389cd7a39a61745e5ac937eab5fbd8fe64700f3196
-
Size
307KB
-
MD5
2aef580c2e5dd554165fd0943e77fdf5
-
SHA1
09fbcc71dfcd5862d67c89a1330c1078ec0924e9
-
SHA256
ebfcc654cdacff2dc1478f389cd7a39a61745e5ac937eab5fbd8fe64700f3196
-
SHA512
cadf5a120c7eacec5275fc65397d6a3049cef92cc351f96a973a72e63ae2269eac2579b2067ddf9d6d0eb02adc0ea69914dc62711964a8d69e5076d8f8db566e
-
SSDEEP
6144:Kjy+bnr+yp0yN90QEhop7pqcJz1ebq2SgfinjYeDah:BMrGy90Xop7pl4G2SgwYe+
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1