Overview

overview

10

Static

static

Glory Hack.exe

windows7_x64

10

Glory Hack.exe

windows10_x64

10

Bin File.css.js

windows7_x64

1

Bin File.css.js

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Glory Hack(Pass 123).zip

  • Size

    1.3MB

  • Sample

    211226-2bvfdsaebl

  • MD5

    4e34bcd2642f9579accbe007c771ac31

  • SHA1

    04c715794bdbdffe357d245b5b3889867d4d2f75

  • SHA256

    81ca220164654dbb2c975e32676d96093e0aaed7c5315a64ac42f2d12b664138

  • SHA512

    dd662b47c3c8ce4c6c85dcea83db185eb2418635e5531d658bfe9d07b498ca125ca549e8fd88e6d977a10eba02dd424c2ba63d0673fb12d78e54692ce846c845

Score
10/10
raccoonredlinecheate9f10fade0328e7cef5c9f5bf00076086ba5a8a1discoveryevasioninfostealerpersistencespywarestealersuricatatrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

45.147.196.146:6213

Extracted

Family

raccoon

Botnet

e9f10fade0328e7cef5c9f5bf00076086ba5a8a1

Attributes
  • url4cnc

    http://91.219.236.18/baldandbankrupt1

    http://194.180.174.41/baldandbankrupt1

    http://91.219.236.148/baldandbankrupt1

    https://t.me/baldandbankrupt1

rc4.plain
rc4.plain

Targets

    • Target

      Bin File.css

    • Size

      19KB

    • MD5

      a286586a5af4f8a3889aa6cf97a11303

    • SHA1

      6675bb995abbd43c91296170892f5130e69b4f2a

    • SHA256

      1566beff280a43f1052ea95a4d26ae6f4828261fb16c921ef37ac1db4a9ebbea

    • SHA512

      37ad42d7d305609d99d13b73db387148d16aab937260f46995a3cbbfb24f4dd36011f2080f0247d5db211840cc70c7baf3fe28b9d850d9cc9673c8df2aca45ee

    Score
    10/10
    discoveryspywarestealersuricataraccoonredlinecheate9f10fade0328e7cef5c9f5bf00076086ba5a8a1evasioninfostealerpersistencetrojan

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

      stealerraccoon

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Glory Hack.exe

    • Size

      778KB

    • MD5

      6b879b5b1c0bd1be971c6d9a02f1df1d

    • SHA1

      578a69df320fcc43bb1e1e16111379c189ec02ca

    • SHA256

      4aac6708cf825da95b04be458e55cf24961b99aa7f6b82f011898a8443ba96bf

    • SHA512

      90eead8ef6b9fe3f23f3246c7cb4c04fb0448fc60bc60ec2db749e60c6810a55dbb4ba2eb4ce2ea11e1ba544eda6b1f1e66d8518804886e2565318034b1f4441

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

4
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

4
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks