General

  • Target

    70cbd08c83e4c6bf071e11c029cf4bab3c6014ddb4569bda43914bfd0ee1cc0a

  • Size

    1.6MB

  • Sample

    231117-t8as9abb77

  • MD5

    056656aac7706a71e70a44190b5524f9

  • SHA1

    dfe3ea876db268d4da5682e3def2eb7761b093a4

  • SHA256

    70cbd08c83e4c6bf071e11c029cf4bab3c6014ddb4569bda43914bfd0ee1cc0a

  • SHA512

    1b4a8afbc8a5a03a38411dc38cd4cd744b465dd97f8adff1998542e40b83296768e6cce42e8e5d756db95502bb42f98704681c3c231ac7a6fa43e2ddbda17fa0

  • SSDEEP

    49152:JEn/0nighTgbrImr5BNTAU/t9IWJHBAQV0Ga:in/0fmt0eIUqn

Malware Config

Extracted

  • Family

    redline

  • Botnet

    horda

  • C2

    194.49.94.152:19053

Extracted

  • Family

    risepro

  • C2

    194.49.94.152

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://194.49.94.210/fks/index.php

  • rc4.i32

  • rc4.i32

Extracted

  • Family

    redline

  • Botnet

    @ytlogsbot

  • C2

    194.169.175.235:42691
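The extracted configs above are the part of this report that turns directly into network detection. The script below is an added example (not the sandbox's own parser or output): it reads a constructed copy of the report's "Malware Config" text, splits it into one record per "Extracted" block, normalizes each C2 (bare IP, IP:port, or URL) into protocol/host/port/path, and emits Suricata-style alert rules. The SID base and the rule message format are arbitrary choices of this example; the rc4.i32 key, whose values did not survive extraction, is deliberately skipped rather than guessed.

```python
"""Parse a Triage-style 'Malware Config' block into structured C2 indicators
and emit Suricata-style rules. Added example; the text below is a constructed
copy of the report's extracted configs, not data fetched from anywhere."""
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: mirrors the report's "Malware Config" section.
REPORT_CONFIG = """\
Malware Config

Extracted
Family
redline
Botnet
horda
C2
194.49.94.152:19053

Extracted
Family
risepro
C2
194.49.94.152

Extracted
Family
smokeloader
Version
2022
C2
http://194.49.94.210/fks/index.php
rc4.i32
rc4.i32

Extracted
Family
redline
Botnet
@ytlogsbot
C2
194.169.175.235:42691
"""

KNOWN_KEYS = {"Family", "Botnet", "C2", "Version"}


@dataclass
class ExtractedConfig:
    family: str
    botnet: Optional[str] = None
    version: Optional[str] = None
    c2: List[str] = field(default_factory=list)


def parse_configs(text: str) -> List[ExtractedConfig]:
    """Split on 'Extracted' markers and read Key/value pairs line by line.
    A known key is only consumed when the next line is a value (not another
    key); unknown keys such as 'rc4.i32' with a lost value are skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    blocks, current, i = [], None, 0
    while i < len(lines):
        tok = lines[i]
        if tok == "Extracted":
            current = {}
            blocks.append(current)
        elif current is not None and tok in KNOWN_KEYS and i + 1 < len(lines):
            val = lines[i + 1]
            if val not in KNOWN_KEYS and val != "Extracted":
                current.setdefault(tok, []).append(val)
                i += 1  # value consumed
        i += 1
    return [
        ExtractedConfig(
            family=b["Family"][0].lower(),
            botnet=(b.get("Botnet") or [None])[0],
            version=(b.get("Version") or [None])[0],
            c2=b.get("C2", []),
        )
        for b in blocks
        if "Family" in b
    ]


def normalize_c2(c2: str):
    """Return (proto, host, port, path). URLs keep their scheme and default
    port; 'ip:port' is treated as raw TCP; a bare IP has no port (None)."""
    if "://" in c2:
        u = urlparse(c2)
        return (u.scheme, u.hostname, u.port or (443 if u.scheme == "https" else 80), u.path or "/")
    m = re.fullmatch(r"([^:]+)(?::(\d+))?", c2)
    return ("tcp", m.group(1), int(m.group(2)) if m.group(2) else None, None)


def network_iocs(configs: List[ExtractedConfig]) -> List[dict]:
    iocs = []
    for cfg in configs:
        for c2 in cfg.c2:
            proto, host, port, path = normalize_c2(c2)
            iocs.append({"family": cfg.family, "botnet": cfg.botnet,
                         "proto": proto, "host": host, "port": port, "path": path})
    return iocs


def unique_hosts(iocs: List[dict]) -> List[str]:
    return sorted({i["host"] for i in iocs})


def suricata_rules(iocs: List[dict], base_sid: int = 9000001) -> List[str]:
    """One rule per indicator; base_sid is an arbitrary local SID range."""
    rules = []
    for n, ioc in enumerate(iocs):
        sid, msg = base_sid + n, f"MALWARE {ioc['family']} C2 ({ioc['botnet'] or 'n/a'})"
        if ioc["proto"] in ("http", "https"):
            rules.append(f'alert http $HOME_NET any -> {ioc["host"]} {ioc["port"]} '
                         f'(msg:"{msg}"; http.uri; content:"{ioc["path"]}"; sid:{sid}; rev:1;)')
        elif ioc["port"] is not None:
            rules.append(f'alert tcp $HOME_NET any -> {ioc["host"]} {ioc["port"]} '
                         f'(msg:"{msg}"; flow:to_server,established; sid:{sid}; rev:1;)')
        else:  # host only: alert on any traffic to it
            rules.append(f'alert ip $HOME_NET any -> {ioc["host"]} any (msg:"{msg}"; sid:{sid}; rev:1;)')
    return rules


if __name__ == "__main__":
    iocs = network_iocs(parse_configs(REPORT_CONFIG))
    print(unique_hosts(iocs))
    print("\n".join(suricata_rules(iocs)))
```

Note that two of the three hosts share the 194.49.94.0/24 range and that RisePro's C2 is listed without a port, so its rule fires on any traffic to that IP; tighten it to the observed port from the PCAP before deploying.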

Targets

    • Target

      70cbd08c83e4c6bf071e11c029cf4bab3c6014ddb4569bda43914bfd0ee1cc0a

    • Detect ZGRat V1

    • Modifies Windows Defender Real-time Protection settings

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
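Three of the behaviours flagged above (Run-key persistence, Defender real-time protection tampering, execution of a dropped EXE) are host-side and can be confirmed from endpoint telemetry. The script below is an added example, not the sandbox's signature logic: it replays constructed Sysmon-style events (EventID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent SetValue; paths, SID and file names are made up) through three small detections. The Defender value names it matches are the real registry values under Real-Time Protection; the DWORD rendering follows Sysmon's "DWORD (0x00000001)" format.

```python
"""Replay constructed Sysmon-style events through three detections matching
behaviours in the report. Added example; events, paths and SIDs are made up."""
import json
import re

# Constructed Sysmon-like events (simplified field set), one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID":11,"Image":"C:\\Users\\victim\\Downloads\\setup.exe","TargetFilename":"C:\\Users\\victim\\AppData\\Local\\Temp\\svc_update.exe"}
{"EventID":1,"Image":"C:\\Users\\victim\\AppData\\Local\\Temp\\svc_update.exe","ParentImage":"C:\\Users\\victim\\Downloads\\setup.exe"}
{"EventID":13,"Image":"C:\\Users\\victim\\AppData\\Local\\Temp\\svc_update.exe","TargetObject":"HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc_update","Details":"C:\\Users\\victim\\AppData\\Local\\Temp\\svc_update.exe"}
{"EventID":13,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","TargetObject":"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring","Details":"DWORD (0x00000001)"}
{"EventID":13,"Image":"C:\\Program Files\\Windows Defender\\MsMpEng.exe","TargetObject":"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring","Details":"DWORD (0x00000000)"}
{"EventID":1,"Image":"C:\\Windows\\System32\\notepad.exe","ParentImage":"C:\\Windows\\explorer.exe"}
"""

# Run / RunOnce under any hive (HKLM or a per-user HKU\<SID> key).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Defender real-time protection switches; a write of 1 disables the feature.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection"
    r"|DisableScanOnRealtimeEnable|DisableIOAVProtection)$", re.IGNORECASE)
DWORD_ONE = re.compile(r"DWORD \(0x0*1\)")


def load_events(text: str) -> list:
    return [json.loads(ln) for ln in text.splitlines() if ln.strip()]


def detect(events: list) -> list:
    """Return (detection_name, evidence) tuples in event order.
    Dropped-EXE execution is a stateful check: a ProcessCreate whose Image
    was the TargetFilename of an earlier FileCreate."""
    findings, dropped = [], set()
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            if ev["Image"].lower() in dropped:
                findings.append(("executes_dropped_exe", ev["Image"]))
        elif eid == 13:
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                findings.append(("run_key_persistence", target))
            elif DEFENDER_RTP_RE.search(target) and DWORD_ONE.fullmatch(ev.get("Details", "")):
                findings.append(("defender_rtp_disabled", target))
    return findings


if __name__ == "__main__":
    for name, evidence in detect(load_events(SAMPLE_EVENTS)):
        print(f"{name}: {evidence}")
```

The Defender check deliberately ignores writes of 0 (the benign MsMpEng.exe line) so that re-enabling protection does not alert; in production, key the Run-key rule on Image paths outside Program Files and Windows to cut noise from legitimate installers.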

MITRE ATT&CK Enterprise v15

Tasks