General

  • Target

    LDPlayer9_es_1009_ld.exe

  • Size

    2.9MB

  • Sample

    230505-v5vvpabf95

  • MD5

    79170cdc94a59fd6e174bd56d8ccadcb

  • SHA1

    c3e8aa07bfb7625194def68231b4db42ca3d6610

  • SHA256

    07bd1745baa33c6abb773c13fb4c65aa35b18b21d7e514af3bf5fd20cd97e500

  • SHA512

    7eb94acbf573a7528709197c96d7edaebce05d1f9aebb5a5992b4fb8c6b88e4cd4c9a4edd1f030362832860da992282476a13dcdb1cb8ca51065df7804a8afc3

  • SSDEEP

    49152:mi/fEwEHpp4/PrRw1SYFjAbDiY+UjwxxtG8N9Hm:mi/8wEHpW/Pa1BF8+QwxKj

Malware Config

Targets

    • Target

      LDPlayer9_es_1009_ld.exe

    • Size

      2.9MB

    • MD5

      79170cdc94a59fd6e174bd56d8ccadcb

    • SHA1

      c3e8aa07bfb7625194def68231b4db42ca3d6610

    • SHA256

      07bd1745baa33c6abb773c13fb4c65aa35b18b21d7e514af3bf5fd20cd97e500

    • SHA512

      7eb94acbf573a7528709197c96d7edaebce05d1f9aebb5a5992b4fb8c6b88e4cd4c9a4edd1f030362832860da992282476a13dcdb1cb8ca51065df7804a8afc3

    • SSDEEP

      49152:mi/fEwEHpp4/PrRw1SYFjAbDiY+UjwxxtG8N9Hm:mi/8wEHpW/Pa1BF8+QwxKj

    • Detects PlugX payload

    • PlugX

      PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Creates new service(s)

    • Downloads MZ/PE file

    • Possible privilege escalation attempt

    • Modifies file permissions

MITRE ATT&CK Enterprise v6

Tasks