Overview

overview

10

Static

static

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NBA 2K22 Hack v2.3.rar

  • Size

    9.7MB

  • Sample

    221002-ymb7eagdh2

  • MD5

    a594d0d300d83aa61fc466abcbe2205a

  • SHA1

    bbdad102d689b96b75937e4b7c38edfa0408b2ff

  • SHA256

    9c5b16604cb137dd84dcd9952292cb6e9714814720878318fb9126172306aed6

  • SHA512

    bfb32eb82108ffb332459aeef0711d9cee5fca66025f577573d29dfa5763afa55898222a18f8eefd72785882d7806d6451f75203189a3a8f67654ea99e19f799

  • SSDEEP

    196608:WIU5zKlQeO6ielwUan870LHn7t8K9GcnEFHlr5yi1I0RYp9fMrv/ej97MiuJde:1izEQe/lwDn870jnR8ncnWi0RYp9fBVp

Score
10/10
raccoonredlineytstealer55141fdba30e9c28fe0ae2e082b22897infostealerpersistencespywarestealerupx

Malware Config

Extracted

Family

raccoon

Botnet

55141fdba30e9c28fe0ae2e082b22897

C2

http://45.15.156.31/

rc4.plain

Extracted

Family

redline

C2

81.161.229.143:27938

Attributes
  • auth_value

    6687e352a0604d495c3851d248ebf06f

Targets

    • Target

      Setup.exe

    • Size

      812.1MB

    • MD5

      97432769d9c069e9d916cca622d3e136

    • SHA1

      821748178afd4e72ce68e37bca575327e2c15074

    • SHA256

      7f9684b6297bf11ba15105902412e453afd13c904e8e0121d9d8ef834b7e95d9

    • SHA512

      4641d432a53c437fed97313b8c13af504b681580d37fc25a1e7ddc1c787283d5478ea78d3adacc850f022814a14a160932e135f001096b7ab93dc7c1c3277dd7

    • SSDEEP

      6144:LDKW1Lgbdl0TBBvjc/YrWNjk2ZHXKsDDki/jsRzXN8fZfjLx7zz:/h1Lk70TnvjcAb2ZHXhF/Sz96fnx

    Score
    10/10
    raccoonredlineytstealer55141fdba30e9c28fe0ae2e082b22897infostealerspywarestealerupxpersistence

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

      stealerraccoon

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks