General

  • Target: 4d530eb7103ec1921ee6d96f8ce1d198383e37c031d48e7f370075f64fd23e8c
  • Size: 3.3MB
  • Sample: 241109-xwferazgqm
  • MD5: efdc8557cc13ef260474a9cb23518c72
  • SHA1: 899c491c3f584d4dc0c8ce49560e832db24003bc
  • SHA256: 4d530eb7103ec1921ee6d96f8ce1d198383e37c031d48e7f370075f64fd23e8c
  • SHA512: bb6a2e34f8c4a424e636bed4a3e0deb6f0fd6deb8dbc8c6fbffb6298b0a1bf224ba843e67d4f4b142b20329fbf615c4e261155fecc94c03524eb056945965d4b
  • SSDEEP: 98304:bfjY2wHWOTNoCulTmmMJ1n0WUFm5/sUm4s0ioSDu:b7XdOTNop4mG0WwK/W4sToSS

Malware Config

Extracted

  • Family: agenttesla
  • Credentials

Targets

    • Target: New folder/08db9ff2e3e0d4b4eae7de9bb07e0fd7c64ed74954e2cf5766fc2e23a0db7d8d.bat
    • Size: 1.1MB
    • MD5: ab0d98e0b9af05d94e139284507c0d3b
    • SHA1: 0d3297b0a0bce6f0dde0b91146a66ed78c9b9d2c
    • SHA256: 08db9ff2e3e0d4b4eae7de9bb07e0fd7c64ed74954e2cf5766fc2e23a0db7d8d
    • SHA512: f260e37db9c406ba6a6ae5c1472def4e545af5366e9d514066470d7a8506b85f01ce6a1ee274d7cf137a11684268379cddeab8f055ffe75d150b264fdee1884c
    • SSDEEP: 24576:w9vetj7JB95zNrhS01VX3LBc41Y35qdJQhgjGlCG9LuPQV+J7zrzLElSmRxx7o:jrXn+30QeGoU4TElSr

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Sets file to hidden
      Modifies file attributes so the file is not shown in Explorer and similar file browsers.
    • Executes dropped EXE
    • Suspicious use of SetThreadContext

    • Target: New folder/8a4b9fbacd8e070cdef780edf587a22f93e4d0a2d11f99637b53cf64596699df.bat
    • Size: 2.1MB
    • MD5: a5a4c0545136eb52dd37437623238dd6
    • SHA1: 3b8864445bac90d1ce0e4ff9b9bb8641728371d1
    • SHA256: 8a4b9fbacd8e070cdef780edf587a22f93e4d0a2d11f99637b53cf64596699df
    • SHA512: 69b7d50551e7352d131390e1d70b74568e7ad4b7e66eebb8217aa22bd694249495f8933aa9fe14514d2f2ba039fee95e0090407369c84fd09003cd8f075a05a8
    • SSDEEP: 49152:HV/aYoonKuRO7Ci2BBVvI/W1yLNh+lMcs:y

    Score: 8/10

    • Sets file to hidden
      Modifies file attributes so the file is not shown in Explorer and similar file browsers.
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

    • Target: New folder/fab9a387bb96927cbd244960956e4b0afc3b30bee530a52e4c37b7bc787804e9.bat
    • Size: 1.2MB
    • MD5: 3facdad0ee9326a9fe96750fd6882fec
    • SHA1: e13554f1e181271f441d7ccea3f7df2ae3e47b86
    • SHA256: fab9a387bb96927cbd244960956e4b0afc3b30bee530a52e4c37b7bc787804e9
    • SHA512: 02647213a32a323c4b2328641a1f4969ae30e66d31ca9c1629466b1ee7dfb9cb7abb08c2ab070e60a514f4167e39988eb21ffdf02c33f164e39a942b312e8244
    • SSDEEP: 24576:Ldj7jHnhLUJXBLqjfauCZB1wl9UITPPo6jNQQrccVuS8rSE1try6Q+xO7IM:h0XBe20xPg6wxJK

MITRE ATT&CK Enterprise v15

Tasks