General

Target: 3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf
Size: 1.2MB
Sample: 231211-a7zlfaaaa6
MD5: 26f462afb8c842b74ba05f7a345bc136
SHA1: 76a47c23f52a061e60f22c27cfb1d4b67a2b2f18
SHA256: 3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf
SHA512: d4274ebdf37c9c832b456993d97abc0edd0e75389e0bc1f9a5594ea1724fd8b6480e00abce27723b800412d94d52b3e582b4f9b22ba7056da2221b65946603ff
SSDEEP: 24576:CyOBuuxd4w5eMYWN1izHI7pqyXnmQ4///JA7t8b9t:p+txR0ZWN1izHIFBmQ4//hAKb9
Static task: static1
Behavioral task: behavioral1
Sample: 3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf.exe
Resource: win10v2004-20231127-en
Malware Config

Extracted: risepro
C2: 193.233.132.51

Extracted: smokeloader
Version: 2022
C2: http://81.19.131.34/fks/index.php

Extracted: eternity
Wallet: 47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q
payload_urls: https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Extracted: redline
Botnet: @oleh_ps
C2: 176.123.7.190:32927
Targets

Target: 3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf
Size: 1.2MB
MD5: 26f462afb8c842b74ba05f7a345bc136
SHA1: 76a47c23f52a061e60f22c27cfb1d4b67a2b2f18
SHA256: 3ec77508ee3d8f4717e4a5b04f51e85310b64c93bea37e1765a63dc49d265bcf
SHA512: d4274ebdf37c9c832b456993d97abc0edd0e75389e0bc1f9a5594ea1724fd8b6480e00abce27723b800412d94d52b3e582b4f9b22ba7056da2221b65946603ff
SSDEEP: 24576:CyOBuuxd4w5eMYWN1izHI7pqyXnmQ4///JA7t8b9t:p+txR0ZWN1izHIFBmQ4//hAKb9

Signatures

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Downloads MZ/PE file

Executes dropped EXE

Adds Run key to start application

AutoIT Executable
AutoIT scripts compiled to PE executables.

Suspicious use of SetThreadContext