93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd

General

Target 93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd
Size 691KB
Sample 211223-ks31eshdd6
Score 10/10
MD5 ce8db50913eff9d4e600312d7c446b4a
SHA1 6ed1b7efb1acb82b5856824a66b0a70af319109f
SHA256 93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd
SHA512 74f979d6678ab68b6063b8497f37303d41c0f084ee198d0260fd90fc28aa8a1e1cc55a8bcd65cff7c05338bc93e23b33767efa1d0c8974a1a3039916835d05e4

Malware Config

Extracted

Family redline
Botnet runpe
C2 142.202.242.172:7667

Targets

Target 93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd

Signatures

  • DarkVNC

    Description

    DarkVNC is a malicious version of the famous VNC software.

  • Detect Neshta Payload

  • Modifies system executable filetype association

    TTPs

    Modify Registry
    Change Default File Association

  • Neshta

    Description

    Malware from the Neshta family infects other files in order to spread itself and cause damage.

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • DarkVNC Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials.

    TTPs

    Data from Local System
    Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System
    Credentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics listed: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation