General
-
Target
setup_installer.exe
-
Size
4.2MB
-
Sample
211030-neacqsbehp
-
MD5
401358d510a50b4e174c1f3abaf3bc0e
-
SHA1
e3be8ffcc9dc2924652920f904f9058dbbf6e14e
-
SHA256
7e890b0ee04f14d8989db2a0a853c06741112c432030b63457fe866600b44749
-
SHA512
0e47c8e4ea84851263e7189374e299ac22c42a8986e1620661fff461d569f4b9d00ec56a462fb04eb99408c684b306d00bd16c4f1a43a09af18d74bb88244520
Static task
static1
Behavioral task
behavioral1
Sample
setup_installer.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
setup_installer.exe
Resource
win10-en-20210920
Malware Config
Extracted
redline
srtupdate33
135.181.129.119:4805
Extracted
smokeloader
2020
http://brandyjaggers.com/upload/
http://andbal.com/upload/
http://alotofquotes.com/upload/
http://szpnc.cn/upload/
http://uggeboots.com/upload/
http://100klv.com/upload/
http://rapmusic.at/upload/
Extracted
vidar
41.6
933
https://mas.to/@lilocc
-
profile_id
933
Extracted
raccoon
eae58d570cc74796157b14c575bd3adc01116ca0
-
url4cnc
http://telegka.top/rino115sipsip
http://telegin.top/rino115sipsip
https://t.me/rino115sipsip
Targets
-
-
Target
setup_installer.exe
-
Size
4.2MB
-
MD5
401358d510a50b4e174c1f3abaf3bc0e
-
SHA1
e3be8ffcc9dc2924652920f904f9058dbbf6e14e
-
SHA256
7e890b0ee04f14d8989db2a0a853c06741112c432030b63457fe866600b44749
-
SHA512
0e47c8e4ea84851263e7189374e299ac22c42a8986e1620661fff461d569f4b9d00ec56a462fb04eb99408c684b306d00bd16c4f1a43a09af18d74bb88244520
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Socelars Payload
-
suricata: ET MALWARE GCleaner Downloader Activity M5
suricata: ET MALWARE GCleaner Downloader Activity M5
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
-
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
-
Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-