General

  • Target

    f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46

  • Size

    1.1MB

  • Sample

    231121-mvl6ssdg99

  • MD5

    b81255811776e073c6b7eb0f795fa374

  • SHA1

    f41680b8064fa21d7532a7d8cae68588e0d9301f

  • SHA256

    f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46

  • SHA512

    ad2bd79bfc8f5776a43ff6228046a1420255ac823af765cdc890c0449a94483d6313a6150b2d87c5156201e2c09d75e7572fa8d0ec5ff8e870bf770060574121

  • SSDEEP

    24576:tyoLV7cwmlCvGodI2cV5hije3Hho7iFHCQ2MeF:IWV7IlCv5q5hWeXhx9u

Malware Config

Extracted

Family

redline

Botnet

horda

C2

194.49.94.152:19053

Extracted

Family

risepro

C2

194.49.94.152
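Both extracted configurations point at the same host, 194.49.94.152: RedLine with a port (19053) and RisePro as an IP-only indicator, so a hunt has to match the RisePro entry on destination address alone while keeping the port for RedLine. The following matcher, added here as an example and not part of the sandbox report, turns the report's indicators (the two C2 entries and the sample's SHA-256) into checks over Zeek conn.log rows and a sha256sum-style file inventory. The log rows, inventory rows and the /srv/quarantine paths are constructed for the example; the hash hit is labelled "sample" rather than a family name because the report only ties that hash to the analysed file.

```python
"""Matcher for the indicators extracted above (example, not part of the report)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators copied from the report. The RedLine C2 carries a port; the RisePro
# entry is IP-only, so it is matched on destination address alone.
SAMPLE_SHA256 = "f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46"
C2_INDICATORS = [
    ("redline", ipaddress.ip_address("194.49.94.152"), 19053),
    ("risepro", ipaddress.ip_address("194.49.94.152"), None),
]


@dataclass(frozen=True)
class Hit:
    source: str    # "conn" (network log row) or "hash" (file inventory row)
    family: str    # family whose indicator fired, or "sample" for the dropper hash
    evidence: str  # the matched row, condensed


def match_c2(dst_ip: str, dst_port: Optional[int]) -> List[str]:
    """Return the families whose C2 indicator covers dst_ip:dst_port, in report order.
    dst_port=None (port unknown) can only satisfy IP-only indicators."""
    try:
        ip = ipaddress.ip_address(dst_ip)
    except ValueError:
        return []  # malformed address, e.g. a hostname in the wrong column
    return [fam for fam, c2_ip, c2_port in C2_INDICATORS
            if ip == c2_ip and (c2_port is None or c2_port == dst_port)]


def scan_zeek_conn(lines: Iterable[str]) -> List[Hit]:
    """Scan Zeek conn.log rows laid out as: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto."""
    hits: List[Hit] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # Zeek header/comment rows
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue  # truncated row
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        port = int(resp_p) if resp_p.isdigit() else None  # Zeek writes "-" for unknown
        port_str = "-" if port is None else str(port)
        for fam in match_c2(resp_h, port):
            hits.append(Hit("conn", fam, f"{uid} {orig_h} -> {resp_h}:{port_str} @ {ts}"))
    return hits


def scan_hash_inventory(lines: Iterable[str]) -> List[Hit]:
    """Scan sha256sum-style rows ("<hex>  <path>") for the sample's SHA-256."""
    hits: List[Hit] = []
    for line in lines:
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, path = parts
        if digest.lower() == SAMPLE_SHA256:
            hits.append(Hit("hash", "sample", f"{path} sha256={digest.lower()}"))
    return hits


# Constructed log rows (not from the report) that exercise every branch above.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1700552400.123\tCXa1b2\t10.0.0.5\t51233\t194.49.94.152\t19053\ttcp",
    "1700552405.456\tCXa1b3\t10.0.0.5\t51234\t194.49.94.152\t443\ttcp",
    "1700552410.789\tCXa1b4\t10.0.0.7\t51235\t93.184.216.34\t443\ttcp",
    "1700552415.000\tCXa1b5\t10.0.0.7\t51236\t194.49.94.152\t-\tudp",
]
SAMPLE_HASH_INVENTORY = [
    "f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46  /srv/quarantine/setup.exe",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  /srv/quarantine/empty.bin",
]


def run_report(conn_lines=SAMPLE_CONN_LOG, inventory_lines=SAMPLE_HASH_INVENTORY) -> List[Hit]:
    return scan_zeek_conn(conn_lines) + scan_hash_inventory(inventory_lines)


if __name__ == "__main__":
    for hit in run_report():
        print(f"[{hit.source}] {hit.family}: {hit.evidence}")
```

On the constructed rows the connection to 194.49.94.152:19053 fires both indicators, the connections to the same host on 443 and on an unknown port fire only the IP-only RisePro entry, and the unrelated host fires nothing. Because the RisePro indicator is a bare address, expect every flow to that host to alert; narrow it with the port once your own captures show which one RisePro uses.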

Targets

    • Target

      f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46


    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
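The three file and registry signatures above ("Drops startup file", "Executes dropped EXE", "Adds Run key to start application") describe behaviour that endpoint telemetry records directly. The function below, added here as an example and not part of the sandbox report, runs those two checks over Sysmon-style events: it remembers every executable written to disk (Event ID 11), flags a process start (Event ID 1) whose image is one of those files, and flags a Run/RunOnce value (Event ID 13) whose data points into a user-writable directory. The event dicts, paths, file names and SID are constructed for the example; the report does not give the dropped file's name or the Run value it set.

```python
"""Behavioural checks for the file/registry signatures above (example, not part of the report)."""
import re
from typing import Dict, Iterable, List

# Autostart locations behind "Adds Run key to start application".
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Directories a non-admin process can write to. A Run value pointing here is the
# common dropper/infostealer pattern; Program Files entries are usually installers.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)


def detect(events: Iterable[Dict]) -> List[str]:
    """Flag (a) execution of an EXE that an earlier event wrote to disk and
    (b) Run/RunOnce values whose data points into a user-writable path.
    Events are dicts keyed like Sysmon fields: EventID 11 = FileCreate,
    1 = ProcessCreate, 13 = RegistryEvent (value set). Events must be in
    time order for the dropped-then-executed correlation to work."""
    dropped: Dict[str, str] = {}  # lower-cased dropped path -> image that wrote it
    findings: List[str] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            target = ev["TargetFilename"]
            if target.lower().endswith(".exe"):
                dropped[target.lower()] = ev["Image"]
        elif eid == 1:
            image = ev["Image"]
            writer = dropped.get(image.lower())
            if writer is not None:
                findings.append(f"executes dropped EXE: {image} (written by {writer})")
        elif eid == 13:
            target = ev["TargetObject"]
            details = ev.get("Details", "")
            if RUN_KEY_RE.search(target) and USER_WRITABLE_RE.search(details):
                findings.append(
                    f"Run key persistence: {target} -> {details} (set by {ev['Image']})")
    return findings


# Constructed Sysmon-style events (not from the report): a downloaded installer
# drops a second EXE to Temp, runs it, and that EXE registers itself under Run.
# The msiexec/Program Files entry is benign noise the check should ignore.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\svc_update.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\svc_update.exe",
     "ParentImage": r"C:\Users\victim\Downloads\setup.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\svc_update.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc_update",
     "Details": r"C:\Users\victim\AppData\Local\Temp\svc_update.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The dropped-file table is keyed only by path, which is adequate for one host's trace; in a fleet-wide pipeline key it by host (and session) so a file written on one machine cannot match a process start on another.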

MITRE ATT&CK Enterprise v15

Tasks