Setup[1].exe

General
Target

Setup[1].exe

Size

1MB

Sample

210405-8ga7y7zk36

Score
10 /10
MD5

0657125b7850a7b5796bf6979da502f0

SHA1

686d1ad201f0706daec7dd9bfa60fd1144a7b876

SHA256

c1a85afd7acdaf7ab0d6839cc68d67ca75455fa9fb3d62a95f6579f07899df49

SHA512

879167e0b34e015e62828151a05b785f3f9b99e2826be73fe9afc4d671dedec19c9994d2481c060e453367885ba16cce0252e7049bdb59c5ee90885f6527e10c

Malware Config

Extracted

Family redline
Botnet 010402
C2

194.135.20.72:3214

Targets
Target

Setup[1].exe

MD5

0657125b7850a7b5796bf6979da502f0

Filesize

1MB

Score
10 /10
SHA1

686d1ad201f0706daec7dd9bfa60fd1144a7b876

SHA256

c1a85afd7acdaf7ab0d6839cc68d67ca75455fa9fb3d62a95f6579f07899df49

SHA512

879167e0b34e015e62828151a05b785f3f9b99e2826be73fe9afc4d671dedec19c9994d2481c060e453367885ba16cce0252e7049bdb59c5ee90885f6527e10c

Tags

Signatures

  • Beapy

    Description

    Beapy is a python worm with crypto mining capabilities.

    Tags

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Grants admin privileges

    Description

    Uses net.exe to modify the user's privileges.

    TTPs

    Account Manipulation
  • Executes dropped EXE

  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation