General

  • Target

    39021047c13e6054cb6e714f20563565.exe

  • Size

    314KB

  • Sample

    230104-jzeezaab91

  • MD5

    39021047c13e6054cb6e714f20563565

  • SHA1

    c4a4a3e2eac3cc8b410c7ebeab2d376f2b514e95

  • SHA256

    0cb4087b8d532e5fae9ff5d39815fd9b394f9e12cbf783a32329f925022350bc

  • SHA512

    6f8272c3fe0e475b533db861388731138de49195081b06ff3791c80f4feb07939b8695bfa3c83746655011fff3e73f65371b1b44dbc72e64d9d2ccee072d5b9f

  • SSDEEP

    6144:zdjdLbFiXyOjzninVBGb6wlEA/qXD3cAyjcbxe:zjtiCGzniVBGb3EAEDMAygV

Malware Config

Extracted

Family

redline

Botnet

GIVEMEMYGUN

C2

193.233.49.83:3321

Attributes

  • auth_value

    862b38f54d952bd9a16b1945a039305a

Targets

    • Target

      39021047c13e6054cb6e714f20563565.exe

    • Size

      314KB

    • MD5

      39021047c13e6054cb6e714f20563565

    • SHA1

      c4a4a3e2eac3cc8b410c7ebeab2d376f2b514e95

    • SHA256

      0cb4087b8d532e5fae9ff5d39815fd9b394f9e12cbf783a32329f925022350bc

    • SHA512

      6f8272c3fe0e475b533db861388731138de49195081b06ff3791c80f4feb07939b8695bfa3c83746655011fff3e73f65371b1b44dbc72e64d9d2ccee072d5b9f

    • SSDEEP

      6144:zdjdLbFiXyOjzninVBGb6wlEA/qXD3cAyjcbxe:zjtiCGzniVBGb3EAEDMAygV

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Detects Phoenix Miner Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6