General

  • Target

    net8.0-windows.rar

  • Size

    60KB

  • Sample

    241001-b14ggsvbmn

  • MD5

    5cb7420ffed9371d1737e246ceb796f3

  • SHA1

    3d2124e13f8ffb8d1a79f43d02319f200fdd0d9b

  • SHA256

    c3079e30f6dea0d321ad037c917d0e2bc01ed4e235774357d7b2320625235635

  • SHA512

    46d567154ebadb4a7181e9b4a79f97e372395caac3e1956fd969029a74f0fb552bfd0936aa3f202667f76c9e7a628595dad5ce38f2bc87ec52b15caa8c6ff8dd

  • SSDEEP

    1536:GMIbSx4uLyZy2Jd9PEBiKx2qfE65xSXZrfjzgjepCr/:dIbLu32rFEBiK8qsU0XFdu

Targets

    • Target

      net8.0-windows.rar

    • Size

      60KB

    • MD5

      5cb7420ffed9371d1737e246ceb796f3

    • SHA1

      3d2124e13f8ffb8d1a79f43d02319f200fdd0d9b

    • SHA256

      c3079e30f6dea0d321ad037c917d0e2bc01ed4e235774357d7b2320625235635

    • SHA512

      46d567154ebadb4a7181e9b4a79f97e372395caac3e1956fd969029a74f0fb552bfd0936aa3f202667f76c9e7a628595dad5ce38f2bc87ec52b15caa8c6ff8dd

    • SSDEEP

      1536:GMIbSx4uLyZy2Jd9PEBiKx2qfE65xSXZrfjzgjepCr/:dIbLu32rFEBiK8qsU0XFdu

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      RLTool.deps.json

    • Size

      410B

    • MD5

      586c28961367aced67554723dc189e23

    • SHA1

      a71d04f6f38c7212b51be1fe7ec9f837186e5d43

    • SHA256

      66be7442a542430779c91364e838b9d186539d11c7e6b2555ea63e3740b90631

    • SHA512

      93b7b9472ffb4922ded3f298c0f65fc18f3cf606c4630348278efc415c5101b53c2e0df362368f8bbcbb580a6842db55dd10703f810c6345e169c2069ec2d16a

    • Score

      3/10

    • Target

      RLTool.dll

    • Size

      9KB

    • MD5

      4c37fd57a7d7dff683f0a388bb939741

    • SHA1

      55a05df8e4e854aab62ff33d999df176911711a5

    • SHA256

      bc3c7797ea2487c6dea85429906d343f326590e01d9519d45beff03fc7351906

    • SHA512

      9f92a5cb33ffa62f309c755cc1b3fe41753611d24c657fcb0d83632b7653220bb397cb6be9d5a4ca828fafc2099fb71a5c506b4cba630f7d0b7ab775c7f41785

    • SSDEEP

      192:f6iWJzM19SR9/4NfuEFoXIzotusHUP5hy0GdDEF+C7N8QaKh:fqzM19SR14Nf5FtzoRuhyNdDe+C7VaK

    • Score

      1/10

    • Target

      RLTool.exe

    • Size

      135KB

    • MD5

      d8dd178edd900a25706432da4168433c

    • SHA1

      6f97a417179ddcec0a90eeee4dffd76aa2602537

    • SHA256

      1e2b6bfb5d47fef87162614b2c6e5cecd46ce78a1d5cf7ea1744bc49dde8db5f

    • SHA512

      6f4b1e2c6c35136899f552c127d992ba30d505ba20f0d5da73801d43d1b1c0a7eb4029a544f5f5eb46a350c7555d4e6c6be6c55db33c4c6a7363f827b68857d8

    • SSDEEP

      3072:DjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfO6hBut:DjK4TDUqgpqWDLZ5H+xuZ04FhA

    • Score

      8/10

    • Disables Task Manager via registry modification

    • Target

      RLTool.runtimeconfig.json

    • Size

      386B

    • MD5

      186a65581e2f29258f54d396660409fa

    • SHA1

      6f998d3be2e85cb5419205f867135874f27c0a3a

    • SHA256

      e1e0974d0e8833375024eb7c78521b3b5cad4228aad22b23d506cbe702445844

    • SHA512

      7dea87b523aab01ea3c794779b71bc0b52179e1d5e7b9a45539ddd39c775969ef22853c4c193699aec1e3fa3cbe26e90e3a4881226c52a3aacae1eac260ff896

    • Score

      3/10

MITRE ATT&CK Enterprise v15