General

  • Target: Setup Hack.rar
  • Size: 306KB
  • Sample: 230730-1q6xasce6s
  • MD5: cdc63a5ebf6f74315426c779aeb204cf
  • SHA1: 96a87728a442fc3e3e89dbd1508e31270e1bc01d
  • SHA256: 66fc01144c0cc82c6a29dcf17b27d7d70cddfb967497ce9fd343d13b1573b81b
  • SHA512: 7f2d18dcc7a7468f10d30b4087c51fc6874a7df1923191e1671f530b9637d419f9ab01a39b6771a9669f87a3691a341e526a7d5419f2d1809b85814cba3b0fd8
  • SSDEEP: 6144:vD2xNav+luEiqWSwppktGIXdXwbySpWY+8MGZWjewD1QhOH+:vhyuEvOodgBW1jeK1hH+

Malware Config

Extracted

  • Family: redline
  • Botnet: @Turbin63
  • C2: 94.142.138.4:80
  • Attributes
    • auth_value: c9d51c45ece76628902c971fd5a55a1c

Extracted

  • Family: laplas
  • C2: http://185.209.161.189
  • Attributes
    • api_key: f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

    • Target: Setup Hack/Hack.exe
    • Size: 2.4MB
    • MD5: a72a98d3af3f7afeb0859746621cbb96
    • SHA1: 46bd27a8881f46432aed56096532099f531fda07
    • SHA256: 25f2b8249f473ecbbdce0c8251584193a264d65a2e66cf2d436d6cc998131de7
    • SHA512: 4111f8820d8d001c6e04433aaa790dde32b49899b2a55f0b26eefbde87e19ecd49f18d86b464d800c7e9780236b1dfc5a3ee6a828ee468bdb6f0433c7f2e8db8
    • SSDEEP: 24576:752A3xTrSOlk1yk1g6YmBeJ5D5BtndadNK:/xTrSO+K6pBe4K

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
