General
-
Target
ReadMe.zip
-
Size
14.9MB
-
Sample
240709-gwxq2azbkq
-
MD5
e8a1ccdf44f6a9fa4ae94c7bea185acc
-
SHA1
facc8af5842ade672838a1d5977eb5ec78a97435
-
SHA256
ced2b48ca2870182bc3ae1af0a4d6f4da454c1bef1f8bd1749a6dd6bc089d093
-
SHA512
b3208b3565aa3f1e1c0368f033fe9b981b3df07ab4cbda90ec039dafe75ec81fda38664156b7c2e0c56568f71ca20da61e2ac184d3c50485ea32831feef58f1c
-
SSDEEP
393216:5+CDi5ywU1ePIEqlUq5vnrlmQhVjCuPgbjKxHCofV5sN5ltwFeeILR:8CDio7NSqFrlnfCu1CSQTTwF6LR
Behavioral task
behavioral1
Sample
Kurome.Builder/Kurome.Builder.exe
Resource
win11-20240704-en
Behavioral task
behavioral2
Sample
Kurome.Host/Kurome.Host.exe
Resource
win11-20240704-en
Behavioral task
behavioral3
Sample
Kurome.Loader/Kurome.Loader.exe
Resource
win11-20240704-en
Behavioral task
behavioral4
Sample
Panel/RedLine_20_2/Panel/Panel.exe
Resource
win11-20240704-en
Malware Config
Targets
-
-
Target
Kurome.Builder/Kurome.Builder.exe
-
Size
137KB
-
MD5
cf38a4bde3fe5456dcaf2b28d3bfb709
-
SHA1
711518af5fa13f921f3273935510627280730543
-
SHA256
c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e
-
SHA512
3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc
-
SSDEEP
3072:abrwd8T7vH96NLS+ld4qRdxtiZQRWkmVnt749m3DIo9O:aH3TLH96NLS+n46dxICRcVntX
Score1/10 -
-
-
Target
Kurome.Host/Kurome.Host.exe
-
Size
119KB
-
MD5
4fde0f80c408af27a8d3ddeffea12251
-
SHA1
e834291127af150ce287443c5ea607a7ae337484
-
SHA256
1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb
-
SHA512
3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5
-
SSDEEP
3072:KEdjrOO8+K46SgVE+mxzqT67iLRi/Gj81GUpYb:KjQjgPmxzq27iLRiuAPp
Score1/10 -
-
-
Target
Kurome.Loader/Kurome.Loader.exe
-
Size
2.2MB
-
MD5
a3ec05d5872f45528bbd05aeecf0a4ba
-
SHA1
68486279c63457b0579d86cd44dd65279f22d36f
-
SHA256
d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
-
SHA512
b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e
-
SSDEEP
49152:KSmo0SdsEoRykUuulqasMwMcdZa9FHeXXGFr3sylP2/BQ7MWV:lm7UQRyksl9cXwFHeX2t8y21
Score4/10 -
-
-
Target
Panel/RedLine_20_2/Panel/Panel.exe
-
Size
9.3MB
-
MD5
f4e19b67ef27af1434151a512860574e
-
SHA1
56304fc2729974124341e697f3b21c84a8dd242a
-
SHA256
c7a8709013ada38fc2e1ceb3b15631f2aea8e156eb3f0aa197e02df1259a493a
-
SHA512
a92e73d58c51bb74618987f06166f52a65ed1525410aec1b8e377ea8547c1123e313e13e305310f7a750c4561756d87ff558670bf4df8b62ea874d6f7c14ca77
-
SSDEEP
196608:mJQaPHrQqXs140qMhu8369sV+HLz9SKUeNdDhHidVI1SM52n3iWuUZ/c1sxXoP3p:mJQaPHrQqXs140qMhu8369sV+HLz9SKI
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-