Overview

overview

10

Static

static

10

Divided Threats.zip

windows10-2004-x64

10

Resubmissions

07-11-2023 02:17

231107-cqv8sshh7z 10

07-11-2023 02:13

231107-cnqwasbe42 10

07-11-2023 02:00

231107-cfgbwshg4s 10

07-11-2023 01:50

231107-b9b4lahf6t 10

07-11-2023 01:35

231107-bz5yxsbb62 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Divided Threats.zip

  • Size

    198.9MB

  • Sample

    231107-cfgbwshg4s

  • MD5

    f6fed4cd5f732c98e95cb2d633b6b88f

  • SHA1

    bd61e60312f1e0ec86b24196f44e8f9275de6cf1

  • SHA256

    42f6ed3f3f25e52787a9e43dec53306eb63e581d87882f3fbc4756685714e39a

  • SHA512

    0bf8b62091061100fb81e8a328e738bce4e3ba733a2a47f808b4b3e44f519441883c72752f654c217b7c354c99894515ed8db92c647587a415d1dfc4d96d68f8

  • SSDEEP

    3145728:BHVJkRpdd5SZKO1E2AH57+eBlBtqVJncR6nl4DpAlAR8bpwBZkzxQxqi:9AddkHedtqbAYob0I+1C

Score
10/10
privateloaderraccoonredlinesmokeloadersnakekeyloggersocelarsstealczgrat5ba094fed1175cc7d1abb03fa165c23c@oleh_pspub4aspackv2backdoorinfostealerkeyloggerloaderstealertrojanupxvmprotect

Malware Config

Extracted

Family

raccoon

Botnet

5ba094fed1175cc7d1abb03fa165c23c

C2

http://79.137.207.53/

Attributes
  • user_agent

    901785252112

xor.plain

Extracted

Family

privateloader

C2

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

51.178.186.149

http://45.133.1.182/proxies.txt

45.133.1.60
Attributes
  • payload_url

    https://vipsofts.xyz/files/mega.bmp

Extracted

Family

socelars

C2

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.znsjis.top/

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5206100572:AAFn3MxBuN0bjQhfY8y1ed9Iwi79LyIe75I/sendMessage?chat_id=2135869667

Extracted

Family

stealc

C2

http://robertjohnson.top

http://jaimemcgee.top
Attributes
  • url_path

    /e9c345fc99a4e67e.php

rc4.plain
rc4.plain

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    cash@com12345cash@com12345

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

redline

Botnet

@oleh_ps

C2

194.169.175.235:42691

Targets

    • Target

      Divided Threats.zip

    • Size

      198.9MB

    • MD5

      f6fed4cd5f732c98e95cb2d633b6b88f

    • SHA1

      bd61e60312f1e0ec86b24196f44e8f9275de6cf1

    • SHA256

      42f6ed3f3f25e52787a9e43dec53306eb63e581d87882f3fbc4756685714e39a

    • SHA512

      0bf8b62091061100fb81e8a328e738bce4e3ba733a2a47f808b4b3e44f519441883c72752f654c217b7c354c99894515ed8db92c647587a415d1dfc4d96d68f8

    • SSDEEP

      3145728:BHVJkRpdd5SZKO1E2AH57+eBlBtqVJncR6nl4DpAlAR8bpwBZkzxQxqi:9AddkHedtqbAYob0I+1C

    Score
    10/10
    redlinesmokeloadersnakekeyloggerstealc@oleh_pspub4aspackv2backdoorinfostealerkeyloggerstealertrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Snake Keylogger payload

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks