Overview

overview

10

Static

static

3

0de9ceb4a3...69.exe

windows7-x64

3

0de9ceb4a3...69.exe

windows10-2004-x64

10

0e996fcc71...f5.exe

windows7-x64

3

0e996fcc71...f5.exe

windows10-2004-x64

10

2ab1df3f8f...6b.exe

windows7-x64

3

2ab1df3f8f...6b.exe

windows10-2004-x64

10

2d7becaac8...2a.exe

windows10-2004-x64

10

50b189382d...9a.exe

windows7-x64

3

50b189382d...9a.exe

windows10-2004-x64

10

57959e3af4...c6.exe

windows7-x64

3

57959e3af4...c6.exe

windows10-2004-x64

10

5f7c9e83d8...c5.exe

windows7-x64

3

5f7c9e83d8...c5.exe

windows10-2004-x64

10

64b48352a0...25.exe

windows7-x64

3

64b48352a0...25.exe

windows10-2004-x64

10

8a870280a0...35.exe

windows7-x64

3

8a870280a0...35.exe

windows10-2004-x64

10

8f1e4113ca...56.exe

windows7-x64

3

8f1e4113ca...56.exe

windows10-2004-x64

10

94cb7f4064...ae.exe

windows10-2004-x64

10

9d876cd8a7...ed.exe

windows7-x64

3

9d876cd8a7...ed.exe

windows10-2004-x64

10

a4fbd5dfa9...dd.exe

windows7-x64

10

a4fbd5dfa9...dd.exe

windows10-2004-x64

10

b3796a101c...4b.exe

windows10-2004-x64

7

f09814000e...42.exe

windows7-x64

3

f09814000e...42.exe

windows10-2004-x64

10

f18a59d97c...79.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    red1.zip

  • Size

    36.5MB

  • Sample

    240513-nytkqaea77

  • MD5

    249475b7d7b4ba7b956368fb15c58df6

  • SHA1

    e6f1949cfccfb779e5a30d30dd4e7d3288cf2858

  • SHA256

    c65fbeeb19e8ffe3f794dd544812c9626bd23f5c3a685897307f43c45270786c

  • SHA512

    a7c1bb0ed16f305d974afe5cd203107b659a95251090823406bd8eb1e49da05f64baaf4537244d31ea57dacd98df449a797a211c586baa12b741d3673d923bf9

  • SSDEEP

    786432:WR64dLbRB3QsqCoLrmhLjB06S35kg6UKhqJHzk13EfEw/Oy:WRJP3+hmI3XK0JHgtEl/z

Score
10/10
healerlummaredlinesectopratzgrat5195552529534598742056374825997001210066@gennadiy_mudazvonov1@txtheaddimasdiscoverydropperevasioninfostealerpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

@txthead

C2

94.156.8.193:34427

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/NgsUAPya

Extracted

Family

redline

Botnet

7001210066

C2

https://pastebin.com/raw/NgsUAPya

Extracted

Family

redline

Botnet

5637482599

C2

https://pastebin.com/raw/NgsUAPya

Extracted

Family

redline

Botnet

5195552529

C2

https://pastebin.com/raw/NgsUAPya

Extracted

Family

lumma

C2

https://sloganprogrevidefkso.shop/api

https://sofaprivateawarderysj.shop/api

https://lineagelasserytailsd.shop/api

https://tendencyportionjsuk.shop/api

https://headraisepresidensu.shop/api

https://appetitesallooonsj.shop/api

https://minorittyeffeoos.shop/api

https://prideconstituiiosjk.shop/api

https://smallelementyjdui.shop/api

https://acceptabledcooeprs.shop/api

https://obsceneclassyjuwks.shop/api

https://zippyfinickysofwps.shop/api

https://miniaturefinerninewjs.shop/api

https://plaintediousidowsko.shop/api

https://sweetsquarediaslw.shop/api

https://holicisticscrarws.shop/api

https://boredimperissvieos.shop/api

Extracted

Family

redline

Botnet

@gennadiy_mudazvonov1

C2

82.115.223.236:26393

Attributes
  • auth_value

    6bda425a78ff4c6e5a0e1be9d395ecce

Extracted

Family

redline

Botnet

dimas

C2

185.161.248.75:4132

Attributes
  • auth_value

    a5db9b1c53c704e612bccc93ccdb5539

Targets

    • Target

      0de9ceb4a3f0c63cb68673edcd3c26b70ac2ec4f12d5cdf1d81db75f95ef3e69

    • Size

      1.2MB

    • MD5

      a80890a0807fe59ca7331d8bae6f3768

    • SHA1

      30442aad7f7129a0e9b575830b41aca203bffda7

    • SHA256

      0de9ceb4a3f0c63cb68673edcd3c26b70ac2ec4f12d5cdf1d81db75f95ef3e69

    • SHA512

      edf4c982d544d391366813c9310aec05a7df6c40844e467756a98d0c19e9c33bdfbff8e5595334224bed9060691f2deb3daae48e0894808430d36e90c12a07cb

    • SSDEEP

      24576:BJXCijJIK8li6v93OhhvTMsY5BeDnS/8At1s:BJSxli6v93O3iJvs

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      0e996fcc71a35f368ba66b5bcbbbd91872770dfbf086c97dd4f55f6a6a7d8df5

    • Size

      306KB

    • MD5

      261ee0f076bc6f7d37834fc4a3f4c21b

    • SHA1

      46f6c26e73d8d1a98f0432566d3060f93ab7a7e8

    • SHA256

      0e996fcc71a35f368ba66b5bcbbbd91872770dfbf086c97dd4f55f6a6a7d8df5

    • SHA512

      560666a996fd57530ffdc0c9e3993978bf9875d0d0da25d6404ba262f3cce18fd4766b4202b752eb4a229846b1b6ab4473611ad41a181f80a05ac1639ba7367d

    • SSDEEP

      6144:94Z19vSWh60RVAtljy114OfS0BP+DOba6pZEJyL98B:6Z6WhHO8BPeX6p2yL98B

    Score
    10/10
    redline5195552529discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

    • Target

      2ab1df3f8fef1caee2ac62a5a72a677c82d0cc62b831066d9caa7cd26be2e26b

    • Size

      1.2MB

    • MD5

      f84173f34e2dde73b09e195674093006

    • SHA1

      ac48cb5947b04688398d45f330497c2e2139e82b

    • SHA256

      2ab1df3f8fef1caee2ac62a5a72a677c82d0cc62b831066d9caa7cd26be2e26b

    • SHA512

      fee46161a9fbb2762feb9bef37ddfccf96a5de6f11f0113197ad5b13ab280c738a3ed000e655a6aec55a615c5f916d9c2b30d37de197aae2e5536f2ea6e02d58

    • SSDEEP

      24576:ofRaixH28+VpdGfVDeJJmJMsGM5aDnLmXs7Ms:ofsnVpdGfVDe2PGyXsgs

    Score
    10/10
    redlinezgratdiscoveryinfostealerratspywarestealer

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

    • Target

      2d7becaac8437a8c0258bb0f063a1a2af48f03d8a3322e7389e31d21b2350a2a

    • Size

      875KB

    • MD5

      a79bf80a36da2888a0165e642506d0e9

    • SHA1

      b5666db7bfa8f68440a2c0839cb6aad12f6e3020

    • SHA256

      2d7becaac8437a8c0258bb0f063a1a2af48f03d8a3322e7389e31d21b2350a2a

    • SHA512

      895782db976539dfe02fbe0e703c8587c7200f14971e4dd4a9cf2d8073b9b1d2a5664ff9e79a43310a59fbac53d1a47102836866a278b3a13644f3da1c58f592

    • SSDEEP

      12288:+MrOy901QayZqu/eRH9Wc5/dxPVQ6Yqha+jd1xDHT8/yJleErc2T:cy9ClH9P5fPVQ6YqZ5CyLeEf

    Score
    10/10
    redlinedimasevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral7

    • Target

      50b189382de3005433c015bc4f22fa6a9cebf1525a24a8eeb6fb3cf59ad3489a

    • Size

      208KB

    • MD5

      aae5289f383018394df591dd8ae01237

    • SHA1

      9e9761e8e61b59939019a14b7068bd0eb4f387a5

    • SHA256

      50b189382de3005433c015bc4f22fa6a9cebf1525a24a8eeb6fb3cf59ad3489a

    • SHA512

      32c248f1315b92b066fd764030db0d945dca282ca4b237959d607b04244eca88dd8cb482d32e804e3a220a40b5a7e77dbd4d964e94f87ed161bf82e7422e72b1

    • SSDEEP

      6144:i6xIXRrm9NBJT8Si3Fjuk0bw6BE7Uowqyesp9:i8IU9+VjpPJsp9

    Score
    10/10
    redline5195552529discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral8behavioral9

    • Target

      57959e3af4c320aee2b25232e4f113ef2f450d94cb99bbef61b762a6a63ff2c6

    • Size

      994KB

    • MD5

      ebf683e56e67d4947a5ba992ed9d2f5a

    • SHA1

      51fcc95229de29180b738f426951e85af42b041a

    • SHA256

      57959e3af4c320aee2b25232e4f113ef2f450d94cb99bbef61b762a6a63ff2c6

    • SHA512

      0d1955260f0a5c0a8baa232aeea2cc9492576e46de00122f31280ee115dfaa2084ae9e081138e59f9d4d2ff475ac4da0a45cdb2f8770072970808318581b73ff

    • SSDEEP

      24576:6+KwiEu1zBt9qQ9fzrNXZMsCunBDwrqGYErtVs:6+/gt9qQ9fzFNie1es

    Score
    10/10
    redlinesectoprat@txtheaddiscoveryinfostealerratspywarestealertrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral10behavioral11

    • Target

      5f7c9e83d80a652c6bde9ce18eaca08f9cb8a8012568629c5813a8e40f7e7ac5

    • Size

      332KB

    • MD5

      2a84ac6a70bf18fce3d4af2b04356f16

    • SHA1

      4a9d0508a54994bac1ab3543be1c19ca80db0d9a

    • SHA256

      5f7c9e83d80a652c6bde9ce18eaca08f9cb8a8012568629c5813a8e40f7e7ac5

    • SHA512

      554f6d13b08359b48fabedf051584c90975c1066c6dc01379f16ef360cb30bf11b13ca9a988242429a8bf7e3c25e7e405a18a5d2d844241f0850e49c7720d579

    • SSDEEP

      6144:11Bwp/lwz9PI8/T6f5mUz7S3RMyghv1P9NKkY4WB4NSFUv1qcoH5+0Xp:1Pjz9PI8/Tzeyg91pY4WBJO1qcT0Xp

    Score
    10/10
    redline5345987420discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral12behavioral13

    • Target

      64b48352a0dd795ca6516c50657af217337775242d7cc7c6b88a2881a343a825

    • Size

      976KB

    • MD5

      ad83fba289a0c54dec833a0d5f52f097

    • SHA1

      1293929940ff68b00adbc366558d2073697ab653

    • SHA256

      64b48352a0dd795ca6516c50657af217337775242d7cc7c6b88a2881a343a825

    • SHA512

      06eaa50634a1b6486373ae2cea2a16cb7a24d275559ac0536598f9618ab97a721ae6d42e97031ed3a61a5fcd5a01c69dcd37177fdbdbf1d17900792363368818

    • SSDEEP

      12288:tDSmk3QSIvpbmlbqYfMG7k+ezHvyOWUtggrafGeZleuzYrx5dGsLQv6rHfNY0l:AXIvpbmUYfMG7M/Ltggry47QZ

    Score
    10/10
    redline7001210066discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral14behavioral15

    • Target

      8a870280a0dc165cadf46427c4e47c56d3fa42aa2cf823a54358bf48f5102435

    • Size

      332KB

    • MD5

      f98aa564c242bfb196410e0790d86bec

    • SHA1

      c882a94a6303f80aca544fad54502ae09289d107

    • SHA256

      8a870280a0dc165cadf46427c4e47c56d3fa42aa2cf823a54358bf48f5102435

    • SHA512

      695ccefb3486c9a1e04eafa38f9a58b66360b0529dcaec4b73925985220be1f244b19ce59a22cd0f179245380d87bd2e3bb3f5aa394b61fede1a80f756dc2fbd

    • SSDEEP

      6144:03TwjHHEJ9B4S9re5BAYhePRmygh6BSJ/Yt7wuo1+Wjnhx+0Xp:0DrJ9B4S9rPiygcBO/q++6U0Xp

    Score
    10/10
    redline5637482599discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral16behavioral17

    • Target

      8f1e4113cab4b08359d501a8144bada9b1e16e7c08944bd38dffc1b93f044a56

    • Size

      208KB

    • MD5

      acd864649f22cdb41e2a4ad5901ce604

    • SHA1

      f744b0b5be5b8408c53f237cbd7bc6f8ab78fea9

    • SHA256

      8f1e4113cab4b08359d501a8144bada9b1e16e7c08944bd38dffc1b93f044a56

    • SHA512

      b5da95cfb3287b37c5f0f08893f8270c30193f5aa4b2497e7fac7768d365f8eb52128e544c53cf1e2c908b012dab71a2bbd115c1e944a9c1aa3ef8d37d161e7c

    • SSDEEP

      6144:3SJYv5kWv99TVWSLymqaT/QOCNKulzLYbXEBmTNespV:3cY99ZVWzm9zLopoXwmTYspV

    Score
    10/10
    redline5195552529discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral18behavioral19

    • Target

      94cb7f4064a3c804b1fa19c3f5dc17ae361ced8153e20bd02842c65e16d1e3ae

    • Size

      307KB

    • MD5

      24113d3ed2dc8ba8789b2874addb0750

    • SHA1

      2901dff1dd1b5b619d48c8d04d22c185922e651b

    • SHA256

      94cb7f4064a3c804b1fa19c3f5dc17ae361ced8153e20bd02842c65e16d1e3ae

    • SHA512

      409754870b1cf18269d84a798f69e11cb54540d12217fc0674524ef0e3d42ce38d199d45b7e1b7cb96a70fff87704561b6208bb58bc2628881b9a3d7422aecc7

    • SSDEEP

      6144:Kxy+bnr++p0yN90QEA5F5OYc1u31g4TBylzQbR/JOF:HMriy90mxc1u31TTEtQb1JOF

    Score
    10/10
    healerredlinedropperevasioninfostealerpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral20

    • Target

      9d876cd8a7ae7579651cacc17adc0cb431edfb9d97ab5211307feacb7d83fced

    • Size

      531KB

    • MD5

      f634c778cd8fcd6361daaf5732645b00

    • SHA1

      3dfa1d4822bee408a6f69464db0b4f8dd7424e29

    • SHA256

      9d876cd8a7ae7579651cacc17adc0cb431edfb9d97ab5211307feacb7d83fced

    • SHA512

      0485aa3208d7a4e686fd7299205f7e639fe9064d01c32483f73a0e5b3caddba0b0d2de8981b96da2fe75cc712d3afffb12917c23a8bf4b62efdafb3b98a6fbe0

    • SSDEEP

      12288:AxQcJAQhiF2Emygu3BgkBL6I8Xgxwc49Ba4xEQq53k0Xp:AxQ0hiBBt5swxwc4904qr53R

    Score
    10/10
    lummastealer

    • Lumma Stealer

      An infostealer written in C++ first seen in August 2022.

      stealerlumma

    • Suspicious use of SetThreadContext

    behavioral21behavioral22

    • Target

      a4fbd5dfa976d2526590065d16e166ae2ba5b58a17bdcc8d1efbaca35ae55cdd

    • Size

      281KB

    • MD5

      224ebb289e52c9f3a4c2bd583dab2d7c

    • SHA1

      8cc0b7dd2fad4fac37cb87ab3c5027a061fdebb5

    • SHA256

      a4fbd5dfa976d2526590065d16e166ae2ba5b58a17bdcc8d1efbaca35ae55cdd

    • SHA512

      ea21feaa211f24f25106c5ec7825f575ad9a2e1d582a9908107d9a9b866db2baeedfc6fd4c6034d492c61491bc06d7c5cda14a31bce6e59c24a9c9537d7d2e2f

    • SSDEEP

      6144:Wk65a4mpI1TJe8makPXbhaEW1MvBf5rXweiV/:uMVAJ8PX1aEWapxjm/

    Score
    10/10
    redline@gennadiy_mudazvonov1infostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Suspicious use of SetThreadContext

    behavioral23behavioral24

    • Target

      b3796a101c5472ec92ed408404994548910bcae44a8f6d05925785b914dc7c4b

    • Size

      22.6MB

    • MD5

      f405a45c4ecd213fded56e340298c9d6

    • SHA1

      73ee6bdc0b4175894fd23d58fe4696997288e7ca

    • SHA256

      b3796a101c5472ec92ed408404994548910bcae44a8f6d05925785b914dc7c4b

    • SHA512

      3db273d29319f8c41eb7a94098b480caf1b19bdd710471688d2e0d7b587d3cc2572c62ee0f917cc282c48405771374bca86d4138bf3d803960e6b3bb6f0abae4

    • SSDEEP

      393216:Lt1OnpMR8K/HxAhnUMsXCSqOfkjABM96q7oGfM58Q5rm+qmpQo69rZkxPTWl3cdC:LtyO/Hx4UhO0hMAngM58crm4pk9rZkxo

    Score
    7/10
    persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral25

    • Target

      f09814000e7cb43d244be02b82ed9e60e120494de3b1919428114f861d94a542

    • Size

      293KB

    • MD5

      211600fc9d7a1bf494c8192d479934b7

    • SHA1

      fab67178bc9529a5abdd33647028ca9d7d3a61ae

    • SHA256

      f09814000e7cb43d244be02b82ed9e60e120494de3b1919428114f861d94a542

    • SHA512

      d23e060d62722bad4d258e0742d23e17ba375e930a23e3a6323735944b07f4f26ab74abaaf81b41f1f0fcbe3fb8f0a02097e45df40ff606c1100c9ad7f272aac

    • SSDEEP

      6144:eVwlC1u/z2xPFdGXz3F/CpFbrCl1vdewk4VY1naO0:I1u/z2xt8Qp5G1vdxk4VYQO0

    Score
    10/10
    redline5195552529discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral26behavioral27

    • Target

      f18a59d97c873b24dac2d0b58c2c05627cd4379185e2fad2bbdbac27c2174d79

    • Size

      9.2MB

    • MD5

      eddba78e2b822728a58f9672933ef493

    • SHA1

      da324746f626810e779ff2569f85d82ed34721a1

    • SHA256

      f18a59d97c873b24dac2d0b58c2c05627cd4379185e2fad2bbdbac27c2174d79

    • SHA512

      4b5576694dcdc77a1c5b2b4417facf65dbb6a5e54dfbcef0f53f4b9a1c9474989ca0d0ff8c2822d524b0282b3dad160fe5e752e1b4fed33aca4d558087792427

    • SSDEEP

      196608:HUSPQiZ2PwXsow5QzwWSlv/e2FpLEvZkm7vRjJ+A8uKgiUT:HFIabQiwWqv7X4emr3+Az

    Score
    7/10
    persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral28

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
3/10

behavioral2

lummastealer
Score
10/10

behavioral3

Score
3/10

behavioral4

redline5195552529discoveryinfostealerspywarestealer
Score
10/10

behavioral5

Score
3/10

behavioral6

redlinezgratdiscoveryinfostealerratspywarestealer
Score
10/10

behavioral7

redlinedimasevasioninfostealerpersistencetrojan
Score
10/10

behavioral8

Score
3/10

behavioral9

redline5195552529discoveryinfostealerspywarestealer
Score
10/10

behavioral10

Score
3/10

behavioral11

redlinesectoprat@txtheaddiscoveryinfostealerratspywarestealertrojan
Score
10/10

behavioral12

Score
3/10

behavioral13

redline5345987420discoveryinfostealerspywarestealer
Score
10/10

behavioral14

Score
3/10

behavioral15

redline7001210066discoveryinfostealerspywarestealer
Score
10/10

behavioral16

Score
3/10

behavioral17

redline5637482599discoveryinfostealerspywarestealer
Score
10/10

behavioral18

Score
3/10

behavioral19

redline5195552529discoveryinfostealerspywarestealer
Score
10/10

behavioral20

healerredlinedropperevasioninfostealerpersistencetrojan
Score
10/10

behavioral21

Score
3/10

behavioral22

lummastealer
Score
10/10

behavioral23

redline@gennadiy_mudazvonov1infostealer
Score
10/10

behavioral24

redline@gennadiy_mudazvonov1infostealer
Score
10/10

behavioral25

persistence
Score
7/10

behavioral26

Score
3/10

behavioral27

redline5195552529discoveryinfostealerspywarestealer
Score
10/10

behavioral28

persistence
Score
7/10