General

  • Target

    Acordx_Crypter.zip

  • Size

    56.9MB

  • Sample

    230228-vkzm5scd35

  • MD5

    da2d24668a28f53fa942bfd18e7a1476

  • SHA1

    16b92ef20bc8ae5620f28e177a7d87f6c18ea653

  • SHA256

    cf9d610e238181d6078e04b3f29b169191b9da0204571b204d8dfc8036f67cd8

  • SHA512

    bb46cc274d43be802918c6c6987cd2fbe19da2abeb1ef2443a103502c3e55de7ae890b6b3fe2dc5f7443fbffae709e3121d57253f008b0e42598568b7a3871b6

  • SSDEEP

    1572864:I4NidM5XL6+wyj3DtdU+PNeFn/9p6HbV9:GdM57bwyjRhFeFn/9p6HZ9

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

54.186.174.253:35361

Extracted

Family

xworm

C2

decision-at.at.ply.gg:18084

Attributes

  • install_file

    svhost.exe

  • aes.plain
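As an added example (not part of the sandbox report or of any of the malware families it names), the Python below parses the Extracted block above, embedded as a constructed copy of the values shown on this page, into normalised indicators: each C2 is split into host and port, IPv4 literals are told apart from hostnames, and an install_file name is checked against a short list of legitimate Windows binary names so that a lookalike such as svhost.exe (one character short of svchost.exe) is flagged. The keyword-driven parsing of the report layout, the list of legitimate binary names and the edit-distance threshold are assumptions of this example; aes.plain is kept as an attribute whose value the page does not show.

```python
"""Parse a sandbox report's 'Extracted' config block into normalised indicators.

Added example; REPORT_CONFIG is a constructed copy of the values on this page.
"""
import re

# Constructed from the report text above (bullet glyph kept as the page shows it).
REPORT_CONFIG = """
Extracted
Family
redline
Botnet
cheat
C2
54.186.174.253:35361
Extracted
Family
xworm
C2
decision-at.at.ply.gg:18084
Attributes
• install_file
svhost.exe
aes.plain
"""

# Assumption: these labels introduce a value or a list in the report layout.
KEYWORDS = {"Family", "Botnet", "C2", "Attributes"}
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")

# Assumption: a small list of well-known Windows binaries that malware likes to imitate.
LEGIT_SYSTEM_BINARIES = ("svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe", "winlogon.exe")


def parse_extracted_configs(text):
    """Return one dict per 'Extracted' block: family, botnet, c2 list, attributes."""
    configs, cur, mode, pending = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Extracted":
            cur = {"family": None, "botnet": None, "c2": [], "attributes": {}}
            configs.append(cur)
            mode = pending = None
        elif line in KEYWORDS:
            mode, pending = line, None
        elif mode == "Family":
            cur["family"] = line
        elif mode == "Botnet":
            cur["botnet"] = line
        elif mode == "C2":
            host, _, port = line.rpartition(":")  # rpartition keeps 'a.b.c:port' intact
            cur["c2"].append((host, int(port)))
        elif mode == "Attributes":
            if line.startswith("•"):
                pending = line.lstrip("• ").strip()
                cur["attributes"][pending] = None
            elif pending and cur["attributes"][pending] is None:
                cur["attributes"][pending] = line
                pending = None
            else:
                # A bare key whose value the report does not show (e.g. aes.plain).
                cur["attributes"][line] = None
                pending = None
    return configs


def classify_host(host):
    """Distinguish an IPv4 literal from a hostname so each can be blocked the right way."""
    return "ipv4" if IPV4.match(host) else "domain"


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename, known=LEGIT_SYSTEM_BINARIES, max_distance=1):
    """Return the legitimate binary name that `filename` imitates, or None."""
    name = filename.lower()
    for legit in known:
        if name != legit and edit_distance(name, legit) <= max_distance:
            return legit
    return None


def build_indicators(configs):
    """Flatten parsed configs into a list of indicator records for blocking/hunting."""
    out = []
    for cfg in configs:
        for host, port in cfg["c2"]:
            out.append({"type": classify_host(host), "value": host, "port": port,
                        "family": cfg["family"], "botnet": cfg["botnet"]})
        install = cfg["attributes"].get("install_file")
        if install:
            out.append({"type": "filename", "value": install, "family": cfg["family"],
                        "lookalike_of": lookalike_of(install)})
    return out


if __name__ == "__main__":
    for ind in build_indicators(parse_extracted_configs(REPORT_CONFIG)):
        print(ind)
```

The filename check is deliberately narrow (edit distance of one against a handful of names) so it does not fire on every unfamiliar binary; widen the list, not the threshold, if you reuse it.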

Targets

    • Target

      Acordx Crypter/Acordx.exe

    • Size

      1.2MB

    • MD5

      7a9202505d38a8230c163d700327cd6a

    • SHA1

      4e91c173f2d30519c9de67022cc1f066b4c343a9

    • SHA256

      a8eabc62975c12e675af49535fa43e574048b05fded046c327ad2e7642b8f9b5

    • SHA512

      6d1da1101d157b4f453741a191af293c86c738c2c9aa9e4ac3f30e9983d24a668db3df1d65c16315093e7c88ab67da425db0de3957b08f88c39aed67886d80dc

    • SSDEEP

      24576:EUOmpj6H4/3nVOmULyVEqYcvmEHdBHtolaEFGMSKpbq90PKFHLr3fo:EUOa1cmUeVEFOdBOjpy0yFH33f

    Score
    3/10
    • Target

      Acordx Crypter/Crack.exe

    • Size

      55.4MB

    • MD5

      02333b8dc720e94cd0b2a78c763a7128

    • SHA1

      b1ecc16bef06c0939f03328a09928248b9244151

    • SHA256

      2f43d0bfd2a071e5f60324bb19ce0d6e5f70674193dd093513b9cfea6b3c1775

    • SHA512

      b14ac898d7281c983a8c530a4492f4629e47f895e83f5161f119a0584f3a442d03c27f763c707f0cdc9f35f229a7830dc99ba60444baa624b6555d4ffe50e0d8

    • SSDEEP

      1572864:STW8pIrCO9hktPnAHxqXIAI/sWSdEqCoQwL:kEPunyxE3t5EelL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence that decides whether the payload runs.

    • Target

      Acordx Crypter/Get all rats & cracked tools.url

    • Size

      124B

    • MD5

      823c9189881af9ac7791f08a0ddeed40

    • SHA1

      50454bbceb20c6ac6d3bf545a2a2b40b9d06617d

    • SHA256

      15bac6f8ac34087005a6e66a8fae4e87c8e31f3a29923ac9708eb98a28a278ad

    • SHA512

      6eae2a940db05020b8487abb4ba96589f41d3075e7ee1856f5c71b186b97a6065fd188a1fe9d4cb1bbd35d92235a5ef4d40f9e14d2ccabd8fc5204ede5cc5ad5

    Score
    1/10
    • Target

      Acordx Crypter/Guna.UI.dll

    • Size

      1.1MB

    • MD5

      8673eae95d67e5eb19f0eca3111408e8

    • SHA1

      ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb

    • SHA256

      576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d

    • SHA512

      65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239

    • SSDEEP

      24576:hUsmpWNSUFmCqJPNsTuJDYYviEcHy1t6Y:hSUQWSF8q

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • System Information Discovery (3)

    T1082

  • Query Registry (1)

    T1012
