Overview

overview

10

Static

static

deflated-r...er.exe

windows7-x64

10

deflated-r...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    deflated-rufus_Installer.exe

  • Size

    2.6MB

  • Sample

    230127-edg7hshg4z

  • MD5

    9814a046255e18128a7605b718efca93

  • SHA1

    5d83e5f3931720fce6ccb43186391f3114124679

  • SHA256

    047528fe2e0b207d93b51f21109eea05ece9bec290c8ddf22a09301bf262735a

  • SHA512

    bf2f9346bc2296542ae6818df770ad922034e40eb35928c513189edb81df52a7f6b8f53b0b645785902c8ed30f2f578a5361d8bb6ebb8883d5d5f794d3bb20f0

  • SSDEEP

    49152:3mJQWFAlO5SRY8mYzbNKrFtbrR4S2EypQ2QbQQ69cE:2HAOTYvYbDypQ2QbOF

Score
10/10
purecrypterredlinenewdiscoverydownloaderinfostealerloaderspywarestealer

Malware Config

Extracted

Family

redline

Botnet

new

C2

194.87.71.146:49144

Attributes
  • auth_value

    4c1607b6fe3d7ff96ea7cf54c0ad912c

Targets

    • Target

      deflated-rufus_Installer.exe

    • Size

      2.6MB

    • MD5

      9814a046255e18128a7605b718efca93

    • SHA1

      5d83e5f3931720fce6ccb43186391f3114124679

    • SHA256

      047528fe2e0b207d93b51f21109eea05ece9bec290c8ddf22a09301bf262735a

    • SHA512

      bf2f9346bc2296542ae6818df770ad922034e40eb35928c513189edb81df52a7f6b8f53b0b645785902c8ed30f2f578a5361d8bb6ebb8883d5d5f794d3bb20f0

    • SSDEEP

      49152:3mJQWFAlO5SRY8mYzbNKrFtbrR4S2EypQ2QbQQ69cE:2HAOTYvYbDypQ2QbOF

    Score
    10/10
    purecrypterredlinenewdiscoverydownloaderinfostealerloaderspywarestealer

    • Detect PureCrypter injector

      loader

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

      loaderdownloaderpurecrypter

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks