General

  • Target

    0de4a527e06679ead38bf3250f847729901cab72c9693d7f00e607d04dd6ef71

  • Size

    2.5MB

  • Sample

    221130-by58asag2w

  • MD5

    bab923da922c592e4138b88a402add32

  • SHA1

    5927bed5f9a41a82b6c5b91175ef5bb396a1f17c

  • SHA256

    0de4a527e06679ead38bf3250f847729901cab72c9693d7f00e607d04dd6ef71

  • SHA512

    6c74a6ab914d4f5474450f223020e49658dca756a7769329ccd23d2560121d212474382541a022533b19d5acb5693d2a2576134aafa47ff1f4ab2aa5088c87b7

  • SSDEEP

    49152:VSVJcb9RglAw8js3duEFxNWwKhvzJWNNERSxgNVnJ/hewok+hN6mDKU:VSaIA/stWwkvzJWn+ygNVndhewok+hN3

Malware Config

Targets

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is decrypted later at runtime.

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • CryptOne packer

      Detects the CryptOne packer as defined in the NCC blog post.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of UPX.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 3

    Install Root Certificate (T1130): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks