Resubmissions

29-09-2024 16:03

240929-thbymatfrh 10

General

  • Target

    devًexec.zip

  • Size

    57.4MB

  • Sample

    240929-thbymatfrh

  • MD5

    c05b7d9d580d38dbdcd621c982c57357

  • SHA1

    3d5650f018436d67b2a52da38e7828bbf4a020f8

  • SHA256

    8c6b5434123f98046508c84022b07393cffd6749270f69e6432bbf184b08d4a6

  • SHA512

    3e80dd55fb650cfc9c1925de0f00194b8a77ee7287036b16b7ef51a316c1cb4f14d250577b24047d20901a371df0a76becd51d4a5e0b338b7e2f51141540a4ef

  • SSDEEP

    1572864:oIL+InvQwN3GEgFg0md2IfEJZZoXmJWK0Vms7KxC/CsPb:f+iYwJCFgPdNqZZoXmJWK0V5l

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

    • Target

      devًexec.zip

    • Size

      57.4MB

    • MD5

      c05b7d9d580d38dbdcd621c982c57357

    • SHA1

      3d5650f018436d67b2a52da38e7828bbf4a020f8

    • SHA256

      8c6b5434123f98046508c84022b07393cffd6749270f69e6432bbf184b08d4a6

    • SHA512

      3e80dd55fb650cfc9c1925de0f00194b8a77ee7287036b16b7ef51a316c1cb4f14d250577b24047d20901a371df0a76becd51d4a5e0b338b7e2f51141540a4ef

    • SSDEEP

      1572864:oIL+InvQwN3GEgFg0md2IfEJZZoXmJWK0Vms7KxC/CsPb:f+iYwJCFgPdNqZZoXmJWK0V5l

    Score
    3/10
    • Target

      ReadMe.txt

    • Size

      18B

    • MD5

      2b5008776d69d3754e616569a9d010b6

    • SHA1

      a0b599072e28736498ad41f7871af997a5954867

    • SHA256

      fe2a4982aae40e534e98c36b78de508398d1da0b80d2b637f6aa091b3e09e438

    • SHA512

      dade16b59383b9cb44b23de8127b948bb25d0e78f6ddf7d45867b30ab86322e89b534776a70e5db0481e885b9980343142f5222764ce61743a208ef49f02bb78

    Score
    1/10
    • Target

      devexec.zip

    • Size

      57.4MB

    • MD5

      368b5f960053f96ec205c4d837e446fc

    • SHA1

      2c9897f27d72a6f421a9993ae2ee4952a6a484be

    • SHA256

      20a07bd8b8ec2f4b795d57486b7afa827746dd269ea0cb68bb50b651da7140af

    • SHA512

      f8e0b1484e4b52dab7de77ff476dede5246e70efaf357f59607771fefc843e445e33b79307610f0bf07371359d9f42082f1ab3f9d56cf353835c96d6c1a20e80

    • SSDEEP

      1572864:TIL+InvQwN3GEgFg0md2IfEJZZoXmJWK0Vms7KxC/CsP+:u+iYwJCFgPdNqZZoXmJWK0V5A

    Score
    1/10
    • Target

      Bootstrapper 1.07.exe

    • Size

      310KB

    • MD5

      66e2659120cbf66a1d60e63e76c941d6

    • SHA1

      d38f3933adb3e70a4f4878fd9388d1f6941981dc

    • SHA256

      816b9928538d75d5eabc68327879e3e205bfe820495a20fa06696865282be378

    • SHA512

      734271b93cbac615b2b8811c2848bbb5b8818414292e5f8261c45ee54dd3f1310002441193e76c83b686ca16be09cc1b0a3d948533ac1b6a23568cfe5018c8c2

    • SSDEEP

      6144:T6hThwAw9HYOzx6BsO/HxISYVFOFM5gdrOpCubFQEXYYSjxSHZbk:T+tmHYuO/RxYy650OpCaF8YSlSHZbk

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • Target

      autoexec/test.lua

    • Size

      34B

    • MD5

      f051c998ef025a1ccd4f6f7abe16e55e

    • SHA1

      2e75e1237531ae3c0647c0fad7cf6ae1687d0e99

    • SHA256

      601c187ff3410f7c71258bd29c0e48a9f40a046a745093f71e7172decf0f0eae

    • SHA512

      748cb431b3a2208c07187c80a3c5b5174b2c536fb056e7b48646875cbd4392225da4aaaaf376f16ca79ab854245e7638cf02103f0913abff55e005da482d498a

    Score
    3/10
    • Target

      autoexec/test2.lua

    • Size

      11B

    • MD5

      701bf4a4743e5e0361e26999881a5ce9

    • SHA1

      f34d33bcb5c13eae1c15faddc6054e479f74aa28

    • SHA256

      c2d0a5e0790d97a015387a995c0d0b5eb3e88138466586fc980787c9b1731eb8

    • SHA512

      8c0eedc5dca108eb9682239164cba3c70ba4c12e4520a9bdfa8efce0416ce51534fcea2ef4dcd7ea2dfc684358a064233165b0bda5287892de2014a1f2b21c6f

    Score
    3/10
    • Target

      bin/api

    • Size

      18.7MB

    • MD5

      88fd7dbf04bcf75123d02009aea3f7f7

    • SHA1

      cecf16bdad71e54afc941179ea2b7438a04efa1d

    • SHA256

      01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4

    • SHA512

      2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917

    • SSDEEP

      393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8

    Score
    3/10
    • Target

      locales/af.pak

    • Size

      494KB

    • MD5

      c9a3eae18f5c5b237a2bd4fa5fe3cd6e

    • SHA1

      0457bb0902682e4b036b61a79aa54d20f6bc9d5c

    • SHA256

      1c4b71a30dbb98d19d6cb2704ff2ae2ea72f3a4d117d45b96bfaf4ae0e66df9e

    • SHA512

      6db4f90a31d3bc01474fdc45743375f03aa0eec2cf05354e3dbba76f475224cacf2efc58357da12d502c21a0650cc0012c2cce7bf449b2d9efcf5d21de44f99c

    • SSDEEP

      12288:KA04L9o3w7irJGiCJYR2+H2JynyaI4In6ro0v7ENgI2CRwHM+2rs3e0lOX5g6tlj:jzL9oA7eJdsYR2+H2JynyaI4In6ro0vw

    Score
    3/10
    • Target

      locales/am.pak

    • Size

      800KB

    • MD5

      fba57d67d918b05534808ec5a3bb41ea

    • SHA1

      b2a63753e3d827a99953c83bf12027f2b417497b

    • SHA256

      931408a67d7e87366d4493d39551a6acb750ffb13bf04cf6bfb51e2a31993ca0

    • SHA512

      c35345c0e85ea1e4e768651482c5f78911e0b1328cbcd3d400d503d97f46bddeddf9a0ee9eb47b974970f2e53ff37d24d65c82161ad5aca0dd857056f9d8f6db

    • SSDEEP

      24576:/LjTZRfxxF1GCj+amtz1L5QJgAHVHB7yPRo:Dc5W

    Score
    3/10
    • Target

      locales/ar.pak

    • Size

      879KB

    • MD5

      33d9222143484fd0d5c2bfd5dbfdb3fe

    • SHA1

      2dc62d9e87e4ea24f4c83cbac72bfa823075fe99

    • SHA256

      11e93150d0230c2da504bba3248834d4526a74b61a9bcc05c0ef3ace255da640

    • SHA512

      aa3e9002e4b22a18acfe4f0b18689d46cc132ddaf8c5135c7dfbdac54582bbac707541fe699a5a70115c378c3002da67852e7da06ff3ac24915a2841db8f5088

    • SSDEEP

      12288:Z97l1BzEw/0/R/mARz4fvPUMxRjkYG5XN0W3ECMmXA:Z9pWBz5B3O

    Score
    3/10
    • Target

      locales/bg.pak

    • Size

      912KB

    • MD5

      ee5d383d9ff3bf05fe62adbd95c8e948

    • SHA1

      de4bcd0d54b303a39c72f447161a411f763e160d

    • SHA256

      8b8bcb2b886a39e4c00e40e3183200258d51f382c473b38dc9217e41595e59ce

    • SHA512

      122b5e7e78c5ac32d8e97c63d11b9892b2795e78de8c4ae04efe097a8b25b454bc3945c48ff8f298ab51adddef36d7b2901967a54d1e8ed241f0fc907400364f

    • SSDEEP

      24576:ZOCBfqWPnLYazQkEC9U3VbvcHU373ZUH3aAKUGVDoIglumpod2OQ5vGF1YoxaQ51:ZOCBfqWPnLYnWU3VbvcHU373Z83aoGVd

    Score
    3/10
    • Target

      locales/bn.pak

    • Size

      1.1MB

    • MD5

      8aa74df7ca8dd365747b9e50a91723e5

    • SHA1

      04b5ff5ee43a0479a6a48371ebf68258d94e5ee1

    • SHA256

      da53d3efb3cc3cdb6d5aef2570df7da4a4fd18df85bea3e00ac5af73094856c0

    • SHA512

      aef24a184a794241f38963e5040a4cafeeddbf6ad568b6fcf321d82c30b79270ca6a4680bf44aa82c7c7176f9896bbe8e3600b5544274090794ea728d9364e09

    • SSDEEP

      3072:vxQAzKKazemwp4q7r0Escl4oHFcq/j90Yuf1i/QfqTNl2SPRRBbJ/QL5172DbNJO:RKKazEOqbsclzOPqTNISPRRBb45Ob6

    Score
    3/10
    • Target

      locales/ca.pak

    • Size

      564KB

    • MD5

      31c1d66940122b22c684269e7c68e61f

    • SHA1

      c7c549cc99114dc68d56f169c31e5d97939bd931

    • SHA256

      eaebcf24823a4e2885ba0aa287a0119a7d1e3d38a0596b261d23111861f8116c

    • SHA512

      1756b13fdac39ad28f9c69f18684dbc7f463e3a11e8a1432ecb53816da74d5dfb4d0ba281aad00fdab2059089fd4dc273f1b8c085e49216f1285fae962609437

    • SSDEEP

      12288:IbjYwR3uzU37hRE1Dvkd3k5PqF4N3Mw2juwHzejm0t3lvybrTsn/RCHWIsjc4jlE:IbjYy3u4X7dPARIVJPMNfXI8C5Rhkil

    Score
    3/10
    • Target

      locales/cs.pak

    • Size

      572KB

    • MD5

      2d09d3ec0ea3db04075bada679ead06a

    • SHA1

      c0890988ff6386566e30854acfc6ac43e1af85f1

    • SHA256

      e1dbf1409f09b14fca2f4acc702c1bfc13c69cf9ff503278457a15ca08e2799a

    • SHA512

      b2a5aa0399f6c0506ea3105edff2ecfeb0647cdc8dfb460291ccdcdd50380075e1e869a36f63af150f27aa77916f378375eaa217092bc89534c1742eb839c8a4

    • SSDEEP

      6144:EqTUqwuqZ0inoARQ0nDA+AO5mDzr4/DNOOAzSBAmPy68QDsU:EWC6ooAeA55mDzr4/DNOrzS+mPr

    Score
    3/10
    • Target

      locales/da.pak

    • Size

      521KB

    • MD5

      3e67fcabaf91297a33af1da4ad928e19

    • SHA1

      339c9ba093b78d8488bd206af72c096cf75b02f1

    • SHA256

      4545d8d5f566d2dac7214436dbf8a1340e262407461d9947fd226c338c886800

    • SHA512

      6b033711ba19ff9be2ecc7d4475351878b8327f5ae44f3166d011dacae38d6d1cdcb0b3284f4512fe716707b82f6e927d773dcecf8de9316e9db24971a1a0812

    • SSDEEP

      6144:Hyf2mHalMBVfr2YzVWlsA5hbqWj1se8jjwlRfxJwe7obR+uaFIV51beM57otd44R:4HaICGYq5jqWB516M23

    Score
    3/10
    • Target

      locales/de.pak

    • Size

      561KB

    • MD5

      dcc3a9f85c010fa19d77bc61760ae970

    • SHA1

      dd8a3102980d63392502aa54265b2de9acb953bc

    • SHA256

      7d2c39f892bb39130759ad59a33b7b2a9ab71687c87976a347c36c136922d4d6

    • SHA512

      7e4ed8fe97e731493ec2f4e1896a62753196f4cf1f43af773696f33934ef9f5cf357ade1ccc61a0c3c8a81eb8253849001621ef6836baccdbcc824cc72d89b16

    • SSDEEP

      12288:lFS6fd8+frWlVhC3K7Up0gXajTlyt50UnvoCIz:lFVbfuVhC3K7Up0gXajZq5LACIz

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

cryptone, packer
Score
9/10

behavioral1

discovery
Score
3/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

redline, discovery, infostealer, spyware, stealer
Score
10/10

behavioral8

redline, discovery, infostealer, spyware, stealer
Score
10/10

behavioral9

discovery
Score
3/10

behavioral10

Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

Score
3/10