General
-
Target
YouAreAnIdiot
-
Size
143KB
-
Sample
221115-yyrq8sff75
-
MD5
72da814c2b53a954af83b3df35234cc3
-
SHA1
bc303394d25d2343ebd9ecd53defff3be1a16f49
-
SHA256
82e234a9f90c41201d820a98dd9e46802c5634f285462d40df31603652daaabe
-
SHA512
68cd9f81491b4e6184c1dcded7378dbf9deb4936dd8bbc2903bbb56a699d5bbf036ef2c830a7ef685e995fdddd9cce6bce85365a6d4b1e544bfcb3d86a8ac7e6
-
SSDEEP
3072:A7bx6EgdsRbAkQSVrRJnFQNhe8al1KHGNrCvDuqJz+NhmS3cjftN7Bi5MP7iXYK3:AaDuqJazmS3cjfX7Bi5MP7iXYKRJGRJu
Malware Config
Extracted
redline
neruz
193.106.191.27:47242
-
auth_value
0169a8759f3c9be473f782b96a6ff704
Targets
-
-
Target
YouAreAnIdiot
-
Size
143KB
-
MD5
72da814c2b53a954af83b3df35234cc3
-
SHA1
bc303394d25d2343ebd9ecd53defff3be1a16f49
-
SHA256
82e234a9f90c41201d820a98dd9e46802c5634f285462d40df31603652daaabe
-
SHA512
68cd9f81491b4e6184c1dcded7378dbf9deb4936dd8bbc2903bbb56a699d5bbf036ef2c830a7ef685e995fdddd9cce6bce85365a6d4b1e544bfcb3d86a8ac7e6
-
SSDEEP
3072:A7bx6EgdsRbAkQSVrRJnFQNhe8al1KHGNrCvDuqJz+NhmS3cjftN7Bi5MP7iXYK3:AaDuqJazmS3cjfX7Bi5MP7iXYKRJGRJu
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-