General

Target: Primordial.rar
Size: 480KB
Sample: 240524-ylj6mahd63
MD5: a9d5cb20c88e5773b1aeca5410bde80b
SHA1: 42a688441d74dce92dd46432621bfecaee4443df
SHA256: d7e906c10bd103100ed0ce1d9fc4dd4c86b1ecacf50eb0b0db433373e0b45eb0
SHA512: c82f2d65105e285f04fa79fda50b705d2bde3ba7c26039232d82f40e9ddb561a2134b516c94d16da87bdbf2b3ea3adbc02fd60bb7ac153cb9cce34f34915326c
SSDEEP: 12288:80WqCeiAAhewGOofL3aSDSy5oNy8QsiYYdLSBQU/Ac:yqXivhdkzDSy5oc8Qb4BPD
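Before working a report like this against a file on disk, confirm that the file really is the artifact the report describes. The following is an added example, not part of the sandbox output: it recomputes the four digests listed above for a local file and matches them against the records for both submitted targets. The SSDEEP values are left out because fuzzy hashing is not in the Python standard library, and the command-line usage is an assumption for illustration.

```python
"""Added example (not sandbox output): verify a local file against the MD5,
SHA1, SHA256 and SHA512 values recorded on this report page."""
import hashlib
import sys
from typing import Dict, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report. SSDEEP is omitted (not in the standard library).
REPORT = {
    "Primordial.rar": {
        "md5": "a9d5cb20c88e5773b1aeca5410bde80b",
        "sha1": "42a688441d74dce92dd46432621bfecaee4443df",
        "sha256": "d7e906c10bd103100ed0ce1d9fc4dd4c86b1ecacf50eb0b0db433373e0b45eb0",
        "sha512": "c82f2d65105e285f04fa79fda50b705d2bde3ba7c26039232d82f40e9ddb561a"
                  "2134b516c94d16da87bdbf2b3ea3adbc02fd60bb7ac153cb9cce34f34915326c",
    },
    "Primordial.exe": {
        "md5": "6abe1e0a09755e1ce1c40332f60222ff",
        "sha1": "4297b763dcfa6e59dc304c077e51f50556aae8ad",
        "sha256": "7b3e0d0ddb1f8c53121a116d9dfa36c1eb052809b10b33a19c5c2aa44e936ab7",
        "sha512": "8d1255b1aa5feb61fd81e36b505a45c426f9e709f06d041fc3b001c375dd5e18"
                  "7b5fc57c1b2aaf8966a2e47914d43535df015aa4bde2b8038b7ee4323d754946",
    },
}


def _new_hashers() -> Dict[str, "hashlib._Hash"]:
    return {name: hashlib.new(name) for name in ALGORITHMS}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory buffer, keyed by algorithm name."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """All four digests of a file, read in chunks so large samples do not
    have to fit in memory; every hasher sees the same byte stream."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: Dict[str, str]) -> Optional[str]:
    """Return the report target whose recorded digests all agree with `digests`
    (only the algorithms present in `digests` are compared), or None.
    A partial agreement (some algorithms match, others differ) is raised as an
    error rather than accepted: it means a corrupted copy or a mistyped record."""
    for target, expected in REPORT.items():
        compared = [digests[alg] == expected[alg] for alg in ALGORITHMS if alg in digests]
        if compared and all(compared):
            return target
        if any(compared):
            raise ValueError(f"partial digest match against {target}: "
                             "inconsistent record or corrupted file")
    return None


if __name__ == "__main__":
    # Assumed usage: python verify.py <file> [<file> ...]
    for path in sys.argv[1:]:
        found = digest_file(path)
        print(path, "->", match_report(found) or "no match in report")
```

Hash every file you intend to detonate or reverse, not just the archive: the report's scores belong to Primordial.exe, so a copy of the .rar that matches is only evidence that the archive is the one submitted, not that its contents were not swapped by whoever repacked it.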
Static task: static1

Behavioral task: behavioral1
Sample: Primordial.rar
Resource: win10v2004-20240426-en

Behavioral task: behavioral2
Sample: Primordial.rar
Resource: win11-20240508-en

Behavioral task: behavioral3
Sample: Primordial.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral4
Sample: Primordial.exe
Resource: win11-20240426-en
Malware Config

Targets

Target: Primordial.rar
Size: 480KB
MD5: a9d5cb20c88e5773b1aeca5410bde80b
SHA1: 42a688441d74dce92dd46432621bfecaee4443df
SHA256: d7e906c10bd103100ed0ce1d9fc4dd4c86b1ecacf50eb0b0db433373e0b45eb0
SHA512: c82f2d65105e285f04fa79fda50b705d2bde3ba7c26039232d82f40e9ddb561a2134b516c94d16da87bdbf2b3ea3adbc02fd60bb7ac153cb9cce34f34915326c
SSDEEP: 12288:80WqCeiAAhewGOofL3aSDSy5oNy8QsiYYdLSBQU/Ac:yqXivhdkzDSy5oc8Qb4BPD
Score: 3/10

Target: Primordial.exe
Size: 899KB
MD5: 6abe1e0a09755e1ce1c40332f60222ff
SHA1: 4297b763dcfa6e59dc304c077e51f50556aae8ad
SHA256: 7b3e0d0ddb1f8c53121a116d9dfa36c1eb052809b10b33a19c5c2aa44e936ab7
SHA512: 8d1255b1aa5feb61fd81e36b505a45c426f9e709f06d041fc3b001c375dd5e187b5fc57c1b2aaf8966a2e47914d43535df015aa4bde2b8038b7ee4323d754946
SSDEEP: 24576:tM4yNAyNCv6ieqr89plJ4Bq/Ymy6MmtvQWFsvJgXkeRD1HNndR1/z:tM4MCwqr89pliBq/YQvQuixAHV1/z
Score: 10/10

The archive itself scores 3/10 because nothing runs from it directly; the 10/10 verdict and the signatures below come from the extracted Primordial.exe (behavioral3 and behavioral4), so that is the file to pivot on.
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext is the primitive that process hollowing (RunPE-style injection) uses to redirect the main thread of a suspended process to an injected payload, so this signature usually means the sample is a loader that unpacks and injects the RedLine payload rather than the stealer running in its own image.
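The three behavioural signatures above, expressed as detection logic over a short API trace. This is an added example and not the sandbox's own signature engine: the trace format ("pid api args"), the wallet-path patterns, the CREATE_SUSPENDED check, the RunPE call order and the score weights are all assumptions made for illustration, and the trace lines are constructed, not taken from the runs listed on this page.

```python
"""Added example, not the sandbox's signature engine: score a constructed
API trace against the three behaviours the report flags for Primordial.exe."""
import re
from typing import Dict, List, Tuple

# Signature names as they appear on the report page.
SIG_SOFTWARE = "Checks installed software on the system"
SIG_WALLETS = "Accesses cryptocurrency files/wallets"
SIG_HOLLOW = "Suspicious use of SetThreadContext"

UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Assumed wallet locations; a real rule set is much longer.
WALLET_PATH = re.compile(r"(exodus|electrum|ethereum\\keystore|wallet\.dat)", re.IGNORECASE)
CREATE_SUSPENDED = 0x00000004  # CreateProcess flag that RunPE-style injection relies on
# Calls, in this order from one process, that together look like process hollowing.
HOLLOWING_CHAIN = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
# Assumed severity weights on the report's 10-point scale.
WEIGHTS = {SIG_SOFTWARE: 3, SIG_WALLETS: 7, SIG_HOLLOW: 10}


def parse(line: str) -> Tuple[int, str, str]:
    """Split 'pid api args' into its parts; args may be empty."""
    parts = line.split(" ", 2)
    return int(parts[0]), parts[1], parts[2] if len(parts) == 3 else ""


def scan(trace: List[str]) -> Dict[str, List[str]]:
    """Return {signature: [evidence lines]} for every signature the trace triggers."""
    hits: Dict[str, List[str]] = {}
    chain_pos: Dict[int, int] = {}  # pid -> how far along HOLLOWING_CHAIN it has got
    for line in trace:
        pid, api, args = parse(line)
        if api.startswith(("RegOpenKeyEx", "RegQueryValueEx")) and UNINSTALL_KEY.search(args):
            hits.setdefault(SIG_SOFTWARE, []).append(line)
        if api.startswith(("CreateFile", "FindFirstFile")) and WALLET_PATH.search(args):
            hits.setdefault(SIG_WALLETS, []).append(line)
        # Hollowing: only a CreateProcess with CREATE_SUSPENDED opens the chain,
        # and the remaining calls must follow in order from the same pid.
        pos = chain_pos.get(pid, 0)
        if api == HOLLOWING_CHAIN[pos]:
            if pos == 0:
                flags = re.search(r"flags=0x([0-9a-fA-F]+)", args)
                if not flags or not int(flags.group(1), 16) & CREATE_SUSPENDED:
                    continue
            pos += 1
            if pos == len(HOLLOWING_CHAIN):
                hits.setdefault(SIG_HOLLOW, []).append(line)
                pos = 0
            chain_pos[pid] = pos
    return hits


def score(hits: Dict[str, List[str]]) -> int:
    """Report-style score: the most severe triggered signature wins."""
    return max((WEIGHTS[sig] for sig in hits), default=0)


# Constructed trace lines (not output from the sandbox runs on this page).
SAMPLE_TRACE = [
    "1234 RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234 RegQueryValueExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++\\DisplayName",
    "1234 CreateFileW C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco",
    "1234 CreateProcessW C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe flags=0x4",
    "1234 NtUnmapViewOfSection hProcess=0x2c8",
    "1234 WriteProcessMemory hProcess=0x2c8 base=0x400000 size=0x9c000",
    "1234 SetThreadContext hThread=0x2cc",
    "1234 ResumeThread hThread=0x2cc",
]
BENIGN_TRACE = [
    "4321 RegOpenKeyExW HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "4321 CreateProcessW C:\\Windows\\System32\\notepad.exe flags=0x0",
    "4321 ResumeThread hThread=0x1a0",
]

if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        found = scan(trace)
        print(f"{name}: score {score(found)}/10")
        for sig, lines in found.items():
            print(f"  {sig}: {len(lines)} line(s)")
```

The ordering requirement on the hollowing chain is what keeps the SetThreadContext rule from firing on debuggers and legitimate thread management: a lone SetThreadContext, or one against a process that was not created suspended, never completes the chain, while the benign trace's ResumeThread is ignored because no CREATE_SUSPENDED CreateProcess preceded it.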