General

  • Target

    Crush Crush Cra Crack dddaf6bf9220cb28.zip

  • Size

    5.7MB

  • Sample

    220628-jyzdrahhc4

  • MD5

    f6590a44652623f0b9e42f6b80482965

  • SHA1

    ff0297392610b5914d6d2bb05edae4c1a3f4391e

  • SHA256

    fba6966c2f4a02d9d0405b94d6c7be480e6a1c82ea245e4d49b541acee5736f5

  • SHA512

    a3ff00b9a74d6aac6fe29bdb7f7d3daa8355223f9f2470746d43b52180b5d16d63ec7248e4f3b80a1e0fa50c9cc21c713bbfbd124a28af7f7a8dd5cfe37ab618

Malware Config

Extracted

Family

redline

Botnet

jn28d1

C2

185.215.113.122:15386

Attributes

  • auth_value

    f464001a0e86a12ef97505647572b2c2

Extracted

Family

recordbreaker

C2

http://5.252.22.79/

http://103.214.4.102/

Targets

    • Target

      setup/AISetupFull.exe

    • Size

      1.4MB

    • MD5

      0d5e2cabef77bed22398de3196c1d1fd

    • SHA1

      785ff4ed2cdec5ba481ec00a2966a8ea766cd549

    • SHA256

      757cdbf9116e2f06fae96fabefeba0a0e524bd09e2e368b172ae2389bb5bb78c

    • SHA512

      9d8914560edd9ac488d7d4daed4f6a62ab151df6568722e1bdd6526e936a5dce9c0a20e7055b43d441ce14dd5a7659c53e2c50b4aa99cf249f9256b1315e30a0

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      setup/Setup-Crack.exe

    • Size

      398.8MB

    • MD5

      b0fa60eeeb4a0cc8ac5ce244b393b131

    • SHA1

      399d046eb6a62e5c63e347eb6873797d66638d2f

    • SHA256

      e928aff9983da3f7cd3b216d91e9d239115755aa657f7526434a021a1fcbcd47

    • SHA512

      60f216eab6e7f2e6ab758f08fa3c79fd76c422dd7b389838f7916af87037b48b6965ab6fd17b98f4e8e50b93d933e6d12e1155732d4c321829b8c34644de0f92

    • RecordBreaker

      RecordBreaker is an information stealer written in C++ that is capable of downloading and executing secondary payloads.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks