Overview

overview

10

Static

static

Lcovlccdxd.exe

windows7-x64

10

Lcovlccdxd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lcovlccdxd.exe

  • Size

    1.2MB

  • Sample

    230201-y4nlrsdf9z

  • MD5

    d3713110654dc546bd5edc306a6e7efd

  • SHA1

    db266e554e96098584bcbb29aa2774106a7e90bf

  • SHA256

    97bfa0bd9f3b382280f67839c650a3d7be16aa31f124810f3a9b9559e34619c6

  • SHA512

    35013774da17edf34b0d632766d54a55609d4c68b12da758b26016e5590f349f0a5dd475041cc7dbf02960a67214f9917da34b4c0d7bacdd839865d31fed8de6

  • SSDEEP

    24576:Yw03rS2BK40yMVrs+JBe0pw0H/bap4p16SM7RdkZu3svS/oUfsD:barS2BKOM/JBeYJfFP6SMdd6aRfs

Score
10/10
purecrypterredlinecheatdiscoverydownloaderinfostealerloaderpersistencespywarestealer

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

194.26.192.248:7053

Targets

    • Target

      Lcovlccdxd.exe

    • Size

      1.2MB

    • MD5

      d3713110654dc546bd5edc306a6e7efd

    • SHA1

      db266e554e96098584bcbb29aa2774106a7e90bf

    • SHA256

      97bfa0bd9f3b382280f67839c650a3d7be16aa31f124810f3a9b9559e34619c6

    • SHA512

      35013774da17edf34b0d632766d54a55609d4c68b12da758b26016e5590f349f0a5dd475041cc7dbf02960a67214f9917da34b4c0d7bacdd839865d31fed8de6

    • SSDEEP

      24576:Yw03rS2BK40yMVrs+JBe0pw0H/bap4p16SM7RdkZu3svS/oUfsD:barS2BKOM/JBeYJfFP6SMdd6aRfs

    Score
    10/10
    purecrypterredlinecheatdiscoverydownloaderinfostealerloaderpersistencespywarestealer

    • Detect PureCrypter injector

      loader

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

      loaderdownloaderpurecrypter

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks