Resubmissions

29-07-2024 20:42

240729-zhay8atfmb 10

26-07-2024 11:22

240726-ng188sycjb 10

25-07-2024 05:05

240725-fqw2watble 10

General

  • Target

    a86d97fe008bfeb8568930bfa03e0057f77b0c8a46048ff011af244bfcefee59.zip

  • Size

    1.1MB

  • Sample

    240725-fqw2watble

  • MD5

    435ff08a82c3eacc14a1a46cf1553416

  • SHA1

    c049641ee17d4ab8b898ec112f9f99dbe77119a7

  • SHA256

    a86d97fe008bfeb8568930bfa03e0057f77b0c8a46048ff011af244bfcefee59

  • SHA512

    3e94d9ad3c3766eadc77b104a2db247b118b0ce04fc6b277a8f93150e89eb93c205329724a58c0a55117d699c3eb6277eca97d3d441f06b9fb142e23abdbccab

  • SSDEEP

    24576:w+Shb0Ug8XZdz5hrwoXo96VoroJju3wqHq4U3XbY6A3v3rII:Fcb0KVRwm86VorEjTqqF3Xcp

Malware Config

Extracted

Family

redline

Botnet

lovato

C2

57.128.132.216:55123

Targets

    • Target

      RFQ-SW M-0013091-DHABI HARDWARE.exe

    • Size

      24KB

    • MD5

      9f6938e89824ccce04a9272087dec776

    • SHA1

      7f19bee228698f4b0bb90b40c6ca2bcadc326a66

    • SHA256

      b500874cd5939223c2b7cb52134bef3a3bf6ab1c1d112bf27c6b5e5b15f8177f

    • SHA512

      e0052a1bcf5d5ab910da6541c51338e1215a265e8521260bf08ab00ac0320653dafab565ef616d7f1192fb55d4b0feb1666b1a73fcc7b08ae0ac0e625f4b67e1

    • SSDEEP

      384:eM4cghl1oqCrKFf4H5A2eFP27xWkVbgWUlIx4cNWcG0FP27NBY3Yuv+ivM:WSqbFQH5iKxnVbgvqxNNZK/Y/+

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      extnet.dll

    • Size

      24KB

    • MD5

      09933bf55c8ebf5e8cf1feb176481801

    • SHA1

      c1c20be9a15ecccf6aaa480af2393ca636809f32

    • SHA256

      0f3c856246dd80f30c849156253a5c29ec3e129e366fdd51d2ca8823a516c3e9

    • SHA512

      f012f7e803afc67a6b8055ac07632f611be49b11f8f41bd06a24f5cc93ad7edbdbb34c732267b98bcc254382b570cf923e04edadf1482cf01a47e4908fb4c3ca

    • SSDEEP

      384:sV18LnUTFTr7UqCdCFP27xWkVbgWUlIx4c5WDf/U0FP27NBY3Yuv+XCoN:VjUTuNEKxnVbgvqxN5sK/Y/+XCoN

    • Score

      1/10

    • Target

      jli.dll

    • Size

      1.8MB

    • MD5

      072b9390df5cbe5015fe58da16923659

    • SHA1

      bea24458f5b981924f21c16cf8ac77566a821d65

    • SHA256

      fd2144a39e567bdf97b54014c6d912289bbd055835190fe377236c3ff8f89290

    • SHA512

      e84d607b0f1d039e371c7462f332193e6d0a41bcd3b50810ac162e5375b88d27f9d940d003ee2cfea11b5d66dfb33fc4b74fa50148749a96102b33bac90cca64

    • SSDEEP

      24576:3x9Cm6pOSgrbtR/UDI2KNc32ybHAaD835rkbqO1UkTrcwCPIdkgVmdwALoBhkw2:3x9Cm6ASgrbtFUDXTA7gMlPIxYRLgGr

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      msvcpcore.dll

    • Size

      95KB

    • MD5

      ae49e6ec253d62b7d2d462e534ce8716

    • SHA1

      1888a2270bec4dc1b8dc92ce93b6b22ffdaa4bd7

    • SHA256

      26f7aabb1d98d5926353f6eae9fd13210f886b629c7d7c4deb760788a0c71694

    • SHA512

      3100f2385b56308f7a61e36f7c36c6e6bae1795b69d24df1bbc4c33b6ad9862fb3d739be91408dcecfc3209f219652a502badf353d65265d532aba6687539f41

    • SSDEEP

      1536:oV7PyR0m3PwbJQy0Pyk2Nz4WWqKa+qvxvKSiv9XVsJAGHSi61CSvo3uAXkLhFF+e:oV7PyR0m/uJp0qkOz4xqKEvNOv9Vs9HQ

    • Score

      1/10

    • Target

      prefs.dll

    • Size

      26KB

    • MD5

      9b6280e64b6d89b03b67db84b54aaa93

    • SHA1

      5fdd63567326fc0f507b3dac86ec4297fde166d0

    • SHA256

      8897b9d5734146ecc34cf7ab7d5dbbc3798db54da731b324d1b41c2bdb0efe64

    • SHA512

      b6b6eba5da72a5561cb6c19abdcabe4e364c7d293db3ad5672532a058e83abe94a7fc2c8ab352812079057c7403aa3580df08a141144ac4625ed8c26d18cc1a7

    • SSDEEP

      768:e3sZ6lhi5opYD75YpKxnVbgvqxNdliK/Y/+8U:Uk0s5SYD76pKxnKvKNdliK/WU

    • Score

      1/10

    • Target

      vcruntime140.dll

    • Size

      107KB

    • MD5

      146eb6b29080a212b646289808ae0818

    • SHA1

      e5d9801f226ecd3af662df225f751ae8a8934357

    • SHA256

      f66c606d2ee6bbca375ab4268b0c6aef5170a4ca580a00e17a56057a7a127743

    • SHA512

      0824b42ca2539709f77134ffea9c10fc9f4c126b6a309bd5d3ddd02a660ef98d63b178219d83b173340798c479a1008c2d4f57830898673043fee2450a210a58

    • SSDEEP

      3072:y67mylIhkoQpdK9H9YOecbKV02pKuKLK/M:7iylZoQwH93ecbKCR72/M

    • Score

      1/10

    • Target

      vcruntime140_1.dll

    • Size

      49KB

    • MD5

      c106bef63b8db2f32de277b0c314249f

    • SHA1

      b172b5809f95bd4f4181fe30c30368b50a27f08a

    • SHA256

      dced523e24b4374522c86f7bbfc0ac8d8e1078336492629722081339adaad9ba

    • SHA512

      77aab947ffec187f054c68899f2b4186a53b2901fb74ee6702586c1207a4abea238c64da0aa3ebe56695c31606b315f9a6289ca1748e9770fcfca5816e7e6580

    • SSDEEP

      768:+Cm5yhUcwrHY/ntTxT6ovF7IVwwIl9znKxnVbgvqxNJUoK/Y/+b:lOHc16opIVwwI3znKxnKvKNJUoK/x

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks