General

  • Target: Primordial.rar
  • Size: 480KB
  • Sample: 240524-ylj6mahd63
  • MD5: a9d5cb20c88e5773b1aeca5410bde80b
  • SHA1: 42a688441d74dce92dd46432621bfecaee4443df
  • SHA256: d7e906c10bd103100ed0ce1d9fc4dd4c86b1ecacf50eb0b0db433373e0b45eb0
  • SHA512: c82f2d65105e285f04fa79fda50b705d2bde3ba7c26039232d82f40e9ddb561a2134b516c94d16da87bdbf2b3ea3adbc02fd60bb7ac153cb9cce34f34915326c
  • SSDEEP: 12288:80WqCeiAAhewGOofL3aSDSy5oNy8QsiYYdLSBQU/Ac:yqXivhdkzDSy5oc8Qb4BPD

Malware Config

Targets

    • Target: Primordial.rar
    • Size: 480KB
    • MD5: a9d5cb20c88e5773b1aeca5410bde80b
    • SHA1: 42a688441d74dce92dd46432621bfecaee4443df
    • SHA256: d7e906c10bd103100ed0ce1d9fc4dd4c86b1ecacf50eb0b0db433373e0b45eb0
    • SHA512: c82f2d65105e285f04fa79fda50b705d2bde3ba7c26039232d82f40e9ddb561a2134b516c94d16da87bdbf2b3ea3adbc02fd60bb7ac153cb9cce34f34915326c
    • SSDEEP: 12288:80WqCeiAAhewGOofL3aSDSy5oNy8QsiYYdLSBQU/Ac:yqXivhdkzDSy5oc8Qb4BPD

    Score: 3/10

    • Target: Primordial.exe
    • Size: 899KB
    • MD5: 6abe1e0a09755e1ce1c40332f60222ff
    • SHA1: 4297b763dcfa6e59dc304c077e51f50556aae8ad
    • SHA256: 7b3e0d0ddb1f8c53121a116d9dfa36c1eb052809b10b33a19c5c2aa44e936ab7
    • SHA512: 8d1255b1aa5feb61fd81e36b505a45c426f9e709f06d041fc3b001c375dd5e187b5fc57c1b2aaf8966a2e47914d43535df015aa4bde2b8038b7ee4323d754946
    • SSDEEP: 24576:tM4yNAyNCv6ieqr89plJ4Bq/Ymy6MmtvQWFsvJgXkeRD1HNndR1/z:tM4MCwqr89pliBq/YQvQuixAHV1/z

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks