General
-
Target
https://www.mediafire.com/file/jix0dyorugc3rdb/Lyger.zip/file
-
Sample
240522-j6fllshd6v
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/file/jix0dyorugc3rdb/Lyger.zip/file
Resource
win11-20240508-en
26 signatures
1800 seconds
Malware Config
Extracted
Family
redline
C2
194.26.232.43:20746
Targets
-
-
Target
https://www.mediafire.com/file/jix0dyorugc3rdb/Lyger.zip/file
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Subvert Trust Controls
1Install Root Certificate
1Modify Registry
1