General
Target: NEAS.8c1992ea21c008449f6bcab47a2ae2f0.exe
Size: 1.0MB
Sample: 231104-kq77cseb91
MD5: 8c1992ea21c008449f6bcab47a2ae2f0
SHA1: 1ea40a4d722046f9e52f0e4aa22f241fcda27544
SHA256: 1321cfdd8d38bbd830ba245ffac3cc7bb1e66ea47095ce9c16ab7fd766c4ff99
SHA512: 2edfeb71b04877b92a941689b953858dba08e4b8f4255057af0cd9201abc9681b0e6eabdecca5af0eb8b21889b216e6104b142860674bfd66a943720ecada943
SSDEEP: 24576:vyihZv1cgnELzJivpLbzvzVOZK/V+oPSMY+q:6cfnELzJiBnjhH/4sQ+
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.8c1992ea21c008449f6bcab47a2ae2f0.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: smokeloader, 2022, http://77.91.68.29/fks/
Extracted: redline, grome, 77.91.124.86:19084
Extracted: redline, plost, 77.91.124.86:19084
Extracted: redline, kedru, 77.91.124.86:19084
Extracted: redline, pixelnew2.0, 194.49.94.11:80
Extracted: smokeloader, up3
Extracted: smokeloader, 2020, http://host-file-host6.com/, http://host-host-file8.com/
Extracted: redline, LiveTraffic, 195.10.205.17:8122
Targets
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- Glupteba payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Downloads MZ/PE file
- Modifies Windows Firewall
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (3): Windows Service (3)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation:
- Create or Modify System Process (3): Windows Service (3)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)