Overview

overview

10

Static

static

10

Kurome.Bui...er.exe

windows11-21h2-x64

1

Kurome.Hos...st.exe

windows11-21h2-x64

1

Kurome.Loa...er.exe

windows11-21h2-x64

4

Panel/RedL...el.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ReadMe.zip

  • Size

    14.9MB

  • Sample

    240709-gwxq2azbkq

  • MD5

    e8a1ccdf44f6a9fa4ae94c7bea185acc

  • SHA1

    facc8af5842ade672838a1d5977eb5ec78a97435

  • SHA256

    ced2b48ca2870182bc3ae1af0a4d6f4da454c1bef1f8bd1749a6dd6bc089d093

  • SHA512

    b3208b3565aa3f1e1c0368f033fe9b981b3df07ab4cbda90ec039dafe75ec81fda38664156b7c2e0c56568f71ca20da61e2ac184d3c50485ea32831feef58f1c

  • SSDEEP

    393216:5+CDi5ywU1ePIEqlUq5vnrlmQhVjCuPgbjKxHCofV5sN5ltwFeeILR:8CDio7NSqFrlnfCu1CSQTTwF6LR

Score
10/10
redlinesectopratinfostealer

Malware Config

Targets

    • Target

      Kurome.Builder/Kurome.Builder.exe

    • Size

      137KB

    • MD5

      cf38a4bde3fe5456dcaf2b28d3bfb709

    • SHA1

      711518af5fa13f921f3273935510627280730543

    • SHA256

      c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e

    • SHA512

      3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc

    • SSDEEP

      3072:abrwd8T7vH96NLS+ld4qRdxtiZQRWkmVnt749m3DIo9O:aH3TLH96NLS+n46dxICRcVntX

    Score
    1/10
    behavioral1

    • Target

      Kurome.Host/Kurome.Host.exe

    • Size

      119KB

    • MD5

      4fde0f80c408af27a8d3ddeffea12251

    • SHA1

      e834291127af150ce287443c5ea607a7ae337484

    • SHA256

      1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb

    • SHA512

      3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5

    • SSDEEP

      3072:KEdjrOO8+K46SgVE+mxzqT67iLRi/Gj81GUpYb:KjQjgPmxzq27iLRiuAPp

    Score
    1/10
    behavioral2

    • Target

      Kurome.Loader/Kurome.Loader.exe

    • Size

      2.2MB

    • MD5

      a3ec05d5872f45528bbd05aeecf0a4ba

    • SHA1

      68486279c63457b0579d86cd44dd65279f22d36f

    • SHA256

      d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e

    • SHA512

      b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e

    • SSDEEP

      49152:KSmo0SdsEoRykUuulqasMwMcdZa9FHeXXGFr3sylP2/BQ7MWV:lm7UQRyksl9cXwFHeX2t8y21

    Score
    4/10
    behavioral3

    • Target

      Panel/RedLine_20_2/Panel/Panel.exe

    • Size

      9.3MB

    • MD5

      f4e19b67ef27af1434151a512860574e

    • SHA1

      56304fc2729974124341e697f3b21c84a8dd242a

    • SHA256

      c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a

    • SHA512

      a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77

    • SSDEEP

      196608:mJQaPHrQqXs140qMhu8369sV+HLz9SKUeNdDhHidVI1SM52n3iWuUZ/c1sxXoP3p:mJQaPHrQqXs140qMhu8369sV+HLz9SKI

    Score
    10/10
    redlineinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks