General
Target: Installers.zip
Size: 903KB
Sample: 231107-vsctcacc6z
MD5: 559d2560876bea3965829fc64249f227
SHA1: 86d50449b11e0f518a3a6889a483ebaa7c7ade75
SHA256: 9afa17c89ffab03f918e056a7e307ac7a82f598416361388ab987fd253d60dec
SHA512: b6d81f1a75bc1bba89a4c42cee82a885547c429a9036a0871ee97b1f4242a9d0fad02befd120429ed4dceafc9ea74963cd1a1eaaae9eb9ca0d77371b373eff33
SSDEEP: 12288:uPtBHtEl7Z5S2gNN+EosrP7wt4yoc3HvhhsbMyFdhZtqQA6XWaev9C+c:uH67S28V7nwtPocfh2dhZtSkWJc
Static task: static1

Behavioral task: behavioral1
Sample: Installers.zip
Resource: win10v2004-20231020-en

Behavioral task: behavioral2
Sample: 7ba55813ad5deba53ae09d8796e158f4d179f0ec58711df4ad1bdfaed2d2aee2.exe
Resource: win10v2004-20231023-en

Behavioral task: behavioral3
Sample: ceac8d319a011ba082cf1ab197d328e9.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: redline
    grome
    77.91.124.86:19084
Extracted: smokeloader
    pub1
Extracted: smokeloader
    2020
    http://host-file-host6.com/
    http://host-host-file8.com/
Targets

Target: Installers.zip
Size: 903KB
MD5: 559d2560876bea3965829fc64249f227
SHA1: 86d50449b11e0f518a3a6889a483ebaa7c7ade75
SHA256: 9afa17c89ffab03f918e056a7e307ac7a82f598416361388ab987fd253d60dec
SHA512: b6d81f1a75bc1bba89a4c42cee82a885547c429a9036a0871ee97b1f4242a9d0fad02befd120429ed4dceafc9ea74963cd1a1eaaae9eb9ca0d77371b373eff33
SSDEEP: 12288:uPtBHtEl7Z5S2gNN+EosrP7wt4yoc3HvhhsbMyFdhZtqQA6XWaev9C+c:uH67S28V7nwtPocfh2dhZtSkWJc
Score: 1/10

Target: 7ba55813ad5deba53ae09d8796e158f4d179f0ec58711df4ad1bdfaed2d2aee2.exe
Size: 1.1MB
MD5: b9b98dfcc7a56c6beda2f43f296b1f61
SHA1: 513a8d2b2e51356e6db9013389243bc7ddc82f4d
SHA256: 7ba55813ad5deba53ae09d8796e158f4d179f0ec58711df4ad1bdfaed2d2aee2
SHA512: fda17e6a2b004ca9518b82ec653aee60323d95a70bbfa061a7e8ee467cf4a8d8f1f01fa022724b76b473996f9e7c56aef600672c927a09fbf4260f174b5885ae
SSDEEP: 12288:XC9ofgTLMa29AS087kHCqZXjIR+LbUjZAkEuWSe/eM1SrxRydJYNarKK:Xl4T/29AX87kHCsUR+vu3MaQYNar
Score: 10/10
Signatures:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of SetThreadContext

Target: ceac8d319a011ba082cf1ab197d328e9.exe
Size: 550KB
MD5: ceac8d319a011ba082cf1ab197d328e9
SHA1: 8a0b8c4021cdfc37bc3514c14374ca3d8251e2f8
SHA256: 916eee1fff3ef0a6927be3c4f6f8cd5b6a7f59d024ae681606bf4659b98e809f
SHA512: 1d07a56fc8ccec68c7ccd165ff2e11dab656fb20702f5b9854091bcef52221652c13af0d7e05b87772784ea686bc7be5179448f908f46f99576826c39be4723e
SSDEEP: 12288:9t2srLN4gZpSEgHXvr83c6FdjdbqA8XmIM0qeKm7PH:9tZrLNrZpS3v+djdbAXVjKg/
Signatures:
- DcRat
  DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Scheduled Task/Job (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Impair Defenses (3)
- Disable or Modify Tools (3)
- Modify Registry (5)
- Subvert Trust Controls (1)
- Install Root Certificate (1)