General
-
Target
dc77bc57b387b7e3533138e903622509cea2f2f5564b519c57bfaab35bf773c6.exe
-
Size
5.5MB
-
Sample
240705-yew7lswhkb
-
MD5
509c110ee54d73c3398140a5eb78c45a
-
SHA1
04a2b8402af2053e3818f547a9bb78101a7002c2
-
SHA256
dc77bc57b387b7e3533138e903622509cea2f2f5564b519c57bfaab35bf773c6
-
SHA512
a908e48935bd8af79db2c28615f8dcb32793312d1fac4a06d22e26739fd05ff89e684e3d2210d4e6203035a7a843e8316bd918b37ff90898cdee93a3fe3ad8fb
-
SSDEEP
98304:lgLlvKyyLlqwYYHAnoMsOtFjqGvqT2n+LtQnDCdMzEkyziWP6fni5rolwi3lDhMY:lgRvKyykJBPjvqCsUDCEEVP6niel1lDB
Static task
static1
Behavioral task
behavioral1
Sample
dc77bc57b387b7e3533138e903622509cea2f2f5564b519c57bfaab35bf773c6.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
dc77bc57b387b7e3533138e903622509cea2f2f5564b519c57bfaab35bf773c6.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
⌚/38.exe
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
⌚/38.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral5
Sample
⌚/41.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
⌚/41.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral7
Sample
⌚/ABC.exe
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
⌚/ABC.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
dc77bc57b387b7e3533138e903622509cea2f2f5564b519c57bfaab35bf773c6.exe
-
Size
5.5MB
-
MD5
509c110ee54d73c3398140a5eb78c45a
-
SHA1
04a2b8402af2053e3818f547a9bb78101a7002c2
-
SHA256
dc77bc57b387b7e3533138e903622509cea2f2f5564b519c57bfaab35bf773c6
-
SHA512
a908e48935bd8af79db2c28615f8dcb32793312d1fac4a06d22e26739fd05ff89e684e3d2210d4e6203035a7a843e8316bd918b37ff90898cdee93a3fe3ad8fb
-
SSDEEP
98304:lgLlvKyyLlqwYYHAnoMsOtFjqGvqT2n+LtQnDCdMzEkyziWP6fni5rolwi3lDhMY:lgRvKyykJBPjvqCsUDCEEVP6niel1lDB
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
⌚/38.exe
-
Size
4.7MB
-
MD5
ca43f43bd60696a071914f7d56dfb170
-
SHA1
0395c64a4cfc0c5b5e4f0213a2947e8971db0646
-
SHA256
c589837b7c914750d50c96183a6133940d0770d0a690c81b7594dafad925b8a9
-
SHA512
5a476ade3e31ecdd01544111912bdf3cc43883c32703b72d698420c1ee7ec839c01cb7eadc7bfdc2f94ea7b4caac2e2a4e3f3ee088f1a1674a242d4db8d4a3be
-
SSDEEP
98304:ue5sDcJRr2LDOKwWDxVkZUm9i+lvBJ7fCwrra37elTmHzVczwqYrmhLyK:ue2I7r2LDbxVkZUmDlJFf/aZ7qN
Score1/10 -
-
-
Target
⌚/41.exe
-
Size
1.0MB
-
MD5
d3d07dbbf681e20fb2c58e5a8916a78e
-
SHA1
1964d2e5081b7a711fd6de9c48beada5adfe0daf
-
SHA256
4911bbaedcca532e468702601a467444f6bfcf65d940bed75fcaaca9d06c8150
-
SHA512
42b2d6cdb522cd374f2b688ac47c62faae5416790a70930088dee5a2fa21561372bbef0bcd2c689b23f01f85347fd5b3c69d3d35193c4c9d57a6fb4251149951
-
SSDEEP
24576:tXUMntwbcqSFcisZLm1p/2Jgo2YPD0MIh0is:/wUFLH/2ayRIhHs
Score1/10 -
-
-
Target
⌚/ABC.exe
-
Size
13KB
-
MD5
2808310786effc87a4359c778a73a7ee
-
SHA1
525f278678ad73a34c368f0afc4558ed0454f076
-
SHA256
33d9753ee9b3920352b743d72adfd62c969ab0619eb5673151f478ebdfa197a5
-
SHA512
02348e663f215ff6cf37cccea7ea4da3c53362aa75a1a0a88279b9a0acbf60deb30829b47ff7ce1ae97c43ca52b7e09ca90cbb621fee2da1a0ddcc65677c0d67
-
SSDEEP
384:RWaw77Ke8FeO+DK32XzUzxcRx8ptYcFwVc03K:2KFqIUxItYcFwVc6K
Score1/10 -
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Power Settings
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2