General

  • Target

    7c4ff969fb0183723309c48a0aa7ec44.zip

  • Size

    6.1MB

  • Sample

    221007-htk5wsbgg6

  • MD5

    b1e65e1fb6a6153072639c901ed42377

  • SHA1

    1e48f36affb48bbe91bcd972bbca1af731da620e

  • SHA256

    9acd89082a4b034f8a663eaca62eab61d4c56121514a15b82da1c7bf8986d609

  • SHA512

    4133c28c4df60be2ce6f24c236d2565fe7bacff036521497298ebf087658d91460418e280ce7aa416b652182a09430446a5ab48ba3c67602c65e2ba51390a547

  • SSDEEP

    196608:0upNAFTE/AcanCC0qCvlvOGrMgFm6kPvOW:ZGE/AyC0qCvgUMqm6jW
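The hashes above and the per-member hashes listed under Targets are only useful if the archive you are holding is actually the one that was analysed. The following script is an added example (not part of this report or of the sandbox) that re-hashes every member of the ZIP and compares it with the MD5/SHA-256 values the report gives, and also flags members that deflate suspiciously well: a 750 MB `Installer.exe` delivered inside a 6.1 MB archive compresses that well only if most of its bytes are filler, a common trick for pushing a binary past scanner size limits. The `REPORT` table is copied from the Targets section; `make_demo_zip()` builds a constructed archive so the script runs offline, so its members will of course mismatch the report and are only there to exercise the code. SSDEEP is not recomputed here because it needs the external `ssdeep` library.

```python
"""Re-hash the members of the sample archive and compare with the report.

Added example, not part of the report: REPORT is copied from the MD5 and
SHA-256 values listed for each member under Targets; make_demo_zip()
builds a constructed archive so the script runs offline. For the real
sample call hash_archive(open("7c4ff969fb0183723309c48a0aa7ec44.zip", "rb").read()).
"""
import hashlib
import io
import zipfile

ALGS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report (member path -> expected digests).
REPORT = {
    "Installer/Data/MetroFramework.Design.dll": {
        "md5": "b01c771384d246cdd791b807e13404d3",
        "sha256": "0e6c2f12130ffe9a8653f8f27d840346ef2e3d3f3aeb9fed989d7cd7715aeab8"},
    "Installer/Data/MetroFramework.Fonts.dll": {
        "md5": "74a1d254d09ba017ef6334619db4b221",
        "sha256": "973fac358ca947d71477282a219aaa0ad06a5001b4ef6f354c552ef3087761a8"},
    "Installer/Data/MetroFramework.dll": {
        "md5": "0483e0deab759f0ae3864aa41d421788",
        "sha256": "02653aee78a3a06523ac4c3337b53e066b71e55f71cfe6688184fad09b5dea8d"},
    "Installer/Installer.exe": {
        "md5": "0f1d91613d37d98c8fdbda00c07bd592",
        "sha256": "5cdba4ef24defafa706d9a5c4f8edfc485ad20999d4b3b29027f63e5a84683fa"},
    "Installer/libcrypto-1_1-x64.dll": {
        "md5": "609b389b5e76b15f5ea076e60ea194f6",
        "sha256": "f0298a8c283b99631ae031796907d663e6be1c3a334b58ee7c61de0f03c92bb2"},
    "Installer/libssl-1_1-x64.dll": {
        "md5": "38e42cdb3526d27e10ef4d16dec3506d",
        "sha256": "dc123f19571a26e1fabc12d664ee2f351370a5e2c02f7312dcbaba74388687a1"},
    "Installer/msvcr100.dll": {
        "md5": "8c65f14bf5672e29cc51e43be13f5424",
        "sha256": "a8d8029f967828092680482a51c75e12f4db97926520fb40aaa540cf550567d1"},
}


def hash_archive(zip_bytes: bytes, chunk: int = 1 << 20) -> dict:
    """Stream every member through all four digests (members can be
    hundreds of MB, so never read one whole) and record stored vs.
    compressed size from the central directory."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests = {a: hashlib.new(a) for a in ALGS}
            with zf.open(info) as fh:
                for block in iter(lambda: fh.read(chunk), b""):
                    for d in digests.values():
                        d.update(block)
            entry = {a: d.hexdigest() for a, d in digests.items()}
            entry["size"] = info.file_size
            entry["compressed"] = info.compress_size
            out[info.filename] = entry
    return out


def verify(actual: dict, report: dict) -> dict:
    """Members whose digests differ from the report, or that are absent.
    Returns {member: [what went wrong]}; an empty dict means all good."""
    problems = {}
    for name, expected in report.items():
        got = actual.get(name)
        if got is None:
            problems[name] = ["missing"]
            continue
        bad = [alg for alg, hexval in expected.items() if got.get(alg) != hexval.lower()]
        if bad:
            problems[name] = bad
    return problems


def padded_members(actual: dict, min_size: int = 10 << 20, ratio: float = 50.0) -> list:
    """Large members that deflate 50x or more: a cheap tell for a binary
    padded with filler bytes to exceed scanner and upload size limits."""
    return [name for name, m in actual.items()
            if m["size"] >= min_size and m["compressed"]
            and m["size"] / m["compressed"] >= ratio]


def make_demo_zip() -> bytes:
    """Constructed archive (not the sample): a known-answer member, a
    stand-in DLL, and a 16 MiB zero-padded executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("known/abc.txt", b"abc")
        zf.writestr("Installer/Data/MetroFramework.Design.dll", b"MZ" + b"\x90" * 64)
        zf.writestr("Installer/Installer.exe", b"MZ" + b"\x90" * 1024 + b"\x00" * (16 << 20))
    return buf.getvalue()


if __name__ == "__main__":
    actual = hash_archive(make_demo_zip())
    for name, bad in sorted(verify(actual, REPORT).items()):
        print(f"MISMATCH {name}: {', '.join(bad)}")
    for name in padded_members(actual):
        m = actual[name]
        print(f"PADDED   {name}: {m['size']} bytes stored, {m['compressed']} compressed")
```

Two things worth noticing once the real archive verifies: the padding check will fire on `Installer/Installer.exe` (750 MB stored, a few MB at most compressed), and `Installer/msvcr100.dll` and `Installer/Data/MetroFramework.Fonts.dll` share a size of 809KB and an SSDEEP that differs only in its first character, so they are near-identical content under two names even though their cryptographic hashes differ.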

Malware Config

Extracted

Family

redline

Botnet

@ukradun

C2

149.57.171.97:80

Attributes
  • auth_value

    feae1571619f90476277cbfc8ed460d1

Targets

    • Target

      Installer/Data/MetroFramework.Design.dll

    • Size

      83KB

    • MD5

      b01c771384d246cdd791b807e13404d3

    • SHA1

      760a737af97665def7ae351b3dc9d2fa0c0df044

    • SHA256

      0e6c2f12130ffe9a8653f8f27d840346ef2e3d3f3aeb9fed989d7cd7715aeab8

    • SHA512

      2d763d29ceaf0814643deda5620aa56368b44f7ccf74e569580f7fbdb4d8ec732aac9b8770572ff7e2cb4d819ee2e6a82b4b68e6e8530a98c29f7ad69ccce8fb

    • SSDEEP

      1536:Y3qPWvVCMgfw2eeWqjOebgk0jIpePxd76LGYU8j6ecbolG8EB4h88ii0:Y66dsFeeBGPj1L6LGY+ecboC/8ip

    Score
    1/10
    • Target

      Installer/Data/MetroFramework.Fonts.dll

    • Size

      809KB

    • MD5

      74a1d254d09ba017ef6334619db4b221

    • SHA1

      33531e1bad24af6b7d800e2dcf4f3458973c39e0

    • SHA256

      973fac358ca947d71477282a219aaa0ad06a5001b4ef6f354c552ef3087761a8

    • SHA512

      d457d6eee7ad95c3bbe80ee561c50a4b88617f1f0b29fc8dd3b72c3510b9d564161151bb76ef0b44eaa857c6569b054360f8e2ecf42aa6ddc11178f515ada3e6

    • SSDEEP

      12288:BgzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:mzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS

    Score
    1/10
    • Target

      Installer/Data/MetroFramework.dll

    • Size

      8.1MB

    • MD5

      0483e0deab759f0ae3864aa41d421788

    • SHA1

      85ef02c77244b57d436b2c28024024651bc0bf57

    • SHA256

      02653aee78a3a06523ac4c3337b53e066b71e55f71cfe6688184fad09b5dea8d

    • SHA512

      7eea926f0f39a185a5ef520d827b1eab05c820bb3f2fcd34dd8dfe6c2d3a7dbc49c3282819f2d8f35455d7f576506a3e93e0973ba8ee96293fc2f6348610f333

    • SSDEEP

      98304:b+qqx0DWuG4WD9WepLSkj3TDuI2pTNwOLVDoP1wLHjMKQJ/O5xjn2ysq1:iqqtuGXWepLSkj3H92TwGV09KRd

    Score
    1/10
    • Target

      Installer/Installer.exe

    • Size

      750.0MB

    • MD5

      0f1d91613d37d98c8fdbda00c07bd592

    • SHA1

      2a90812531a06bf5fb1f4cb01a9ad627bcb66402

    • SHA256

      5cdba4ef24defafa706d9a5c4f8edfc485ad20999d4b3b29027f63e5a84683fa

    • SHA512

      d3ef545412726b158d5ab476fae8504a9ad333c9d4b1d3f6029dbb221db27a0e56244977abbe071cff8a6bda2530997ca8737909e107c4f91e94584446bf8318

    • SSDEEP

      12288:olTSSulF59dauFnJZdLxnOyRm4XBpIEVe:mulRdaUZhrhe

    • Detect PureCrypter loader

    • PureCrypter

      PureCrypter is a loader whose job is to download and execute additional payloads; here it delivers the RedLine payload whose configuration is extracted above.

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that stops execution in unwanted regions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      Installer/libcrypto-1_1-x64.dll

    • Size

      3.3MB

    • MD5

      609b389b5e76b15f5ea076e60ea194f6

    • SHA1

      b1b6b617e6378247b0050a9651bdb309b0908a15

    • SHA256

      f0298a8c283b99631ae031796907d663e6be1c3a334b58ee7c61de0f03c92bb2

    • SHA512

      62a1e2c69c9463f21518b317e3ce209eab3d18e59e776b3ae03d17435709b80202003ac142b4b662832b512b76439c9143dced9e6479cd11ab7c0c15dabb8d28

    • SSDEEP

      49152:MtVwASOEBIU6ibmGtlqjPOh5PLTMIPar9XIL8wGbAbpgdnraqK36+mNPAiV8nXxb:D2+Irty7qI6NuiV811CPwDv3uFfJs

    Score
    1/10
    • Target

      Installer/libssl-1_1-x64.dll

    • Size

      666KB

    • MD5

      38e42cdb3526d27e10ef4d16dec3506d

    • SHA1

      5b734cf5d357e17a4f0c9dd7cf306353d45b9524

    • SHA256

      dc123f19571a26e1fabc12d664ee2f351370a5e2c02f7312dcbaba74388687a1

    • SHA512

      9f26637b534a1f5df26053ab99ad2e127b11734b31130bbb0a647e8c4eb2222436ecd8badb658891547f0ddfd3998df45c1a1b19dc98b2b0256ce3d25ac055cd

    • SSDEEP

      12288:Af8OGe+anMhN65AwhYB455izxq3koTBNF/Q77WkFUQste0QoU2lvz:a+F65AwtTzF/Q7ZyzFQoU2lvz

    Score
    1/10
    • Target

      Installer/msvcr100.dll

    • Size

      809KB

    • MD5

      8c65f14bf5672e29cc51e43be13f5424

    • SHA1

      f82d74accbcb8fae9825cba52a3a2b05f6070911

    • SHA256

      a8d8029f967828092680482a51c75e12f4db97926520fb40aaa540cf550567d1

    • SHA512

      39ecfc6069204eec38ef806630036af710329811b02c5faaa709098df97965da6220f6daa5553f40560ef010ca9af476bbfdee2d8864bac68053af306451f3ff

    • SSDEEP

      12288:3gzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:QzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS

    Score
    1/10
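The signatures listed for Installer/Installer.exe (location check, dropped EXE execution, Run-key persistence, SetThreadContext on another process, and the RedLine C2 from the Malware Config) are each simple to express as rules over a process trace. The script below is an added example, not the sandbox's own signature code and not taken from the report: it runs those rules over a constructed Procmon-style event list and returns a verdict. The C2 address is the one extracted above; the registry value used for the country-code lookup (`HKCU\Control Panel\International\Geo\Nation`, the Windows GeoID) is an assumption, since the report does not name the key it saw.

```python
"""Flag the behaviours the report lists for Installer.exe in a process trace.

Added example, not the sandbox's own signature code and not from the
report. EVENTS is a constructed trace in a simplified Procmon-like
shape. The C2 comes from the Malware Config above; the country-code
lookup is assumed to be HKCU\\Control Panel\\International\\Geo\\Nation
(the Windows GeoID value), since the report does not name the key.
"""
import re

# From the report's Malware Config.
REDLINE_C2 = {("149.57.171.97", 80)}

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)  # assumed key
USER_WRITABLE = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\|^C:\\Users\\Public\\|^C:\\ProgramData\\", re.I)

# Constructed trace: a loader process (4012) and the child it writes into (4120).
EVENTS = [
    {"pid": 4012, "op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4012, "op": "WriteFile", "path": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"pid": 4012, "op": "CreateProcess", "image": r"C:\Users\victim\AppData\Roaming\svc.exe",
     "child_pid": 4120},
    {"pid": 4012, "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "data": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"pid": 4012, "op": "SetThreadContext", "target_pid": 4120},
    {"pid": 4120, "op": "Connect", "dst": "149.57.171.97", "port": 80},
    {"pid": 4120, "op": "Connect", "dst": "203.0.113.10", "port": 443},  # benign noise
]


def analyse(events, c2=REDLINE_C2):
    """Return (pid, finding, detail) tuples in trace order."""
    findings = []
    written = set()  # files this trace wrote, for "executes dropped EXE"
    for e in events:
        op, pid = e["op"], e["pid"]
        if op == "WriteFile":
            written.add(e["path"].lower())
        elif op == "CreateProcess" and e["image"].lower() in written:
            findings.append((pid, "executes dropped EXE", e["image"]))
        elif op == "RegQueryValue" and GEO_NATION.search(e["path"]):
            findings.append((pid, "checks computer location settings", e["path"]))
        elif op == "RegSetValue" and RUN_KEY.search(e["path"]):
            label = "adds Run key"
            if USER_WRITABLE.match(e.get("data", "")):
                label += " pointing at user-writable path"
            findings.append((pid, label, e["path"]))
        elif op == "SetThreadContext" and e.get("target_pid") not in (None, pid):
            # Own-thread context changes are normal; another process's are not.
            findings.append((pid, "SetThreadContext on another process", str(e["target_pid"])))
        elif op == "Connect" and (e["dst"], e["port"]) in c2:
            findings.append((pid, "connects to known RedLine C2", f"{e['dst']}:{e['port']}"))
    return findings


def verdict(findings):
    """A known C2 contact is decisive on its own; otherwise require two
    distinct behaviours so a plain installer adding a Run key is not flagged."""
    labels = {f[1] for f in findings}
    if any(l.startswith("connects to known") for l in labels):
        return "malicious"
    return "suspicious" if len(labels) >= 2 else "clean"


if __name__ == "__main__":
    for pid, what, detail in analyse(EVENTS):
        print(f"pid {pid}: {what} ({detail})")
    print("verdict:", verdict(analyse(EVENTS)))
```

Note that the C2 connection is attributed to pid 4120, not to the loader: after `SetThreadContext` on the child, the RedLine payload runs inside the dropped process, so network-based detection should key on the hollowed child, while the Run key and the GeoID lookup belong to the loader.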
