Resubmissions

06-02-2024 15:48

240206-s8rakaccbp 7

21-12-2023 17:24

231221-vy135abcek 10

General

  • Target

    13769296554.zip

  • Size

    11.6MB

  • Sample

    231221-vy135abcek

  • MD5

    d6f92e8229b5c6ea4a41423518a9d81f

  • SHA1

    394ee4fd027f0cca74391ccf54e39fb1c2420931

  • SHA256

    fd0af456f169a261cf2caa06bef5b9e92e49fb7d5230c7591459ee4a68419e42

  • SHA512

    33eb2412a3af79eb2cd5ed9885c521049c111a49e2273b708894f951616bf8910ddfef7895227503a1187fd7c039cbd3d175f4d25c30d051cdc52764f3137778

  • SSDEEP

    196608:XdOGSxXT8kUYepjyf639NpcGaOTlGgC+YKrF7MWOf5Ug/z8WBHY2UpJKt3w4OAnR:NOGgDlio6lzlYK9s5Ug4CHHMKt3w4ZVz

Malware Config

Extracted

Family

stealc

C2

http://5.42.64.41

rc4.plain

Extracted

Family

redline

Botnet

work28.7

C2

194.33.191.102:21751

Extracted

Family

smokeloader

Version

2022

C2

http://onualituyrs.org/

http://sumagulituyo.org/

http://snukerukeutit.org/

http://lightseinsteniki.org/

http://liuliuoumumy.org/

http://stualialuyastrelia.net/

http://kumbuyartyty.net/

http://criogetikfenbut.org/

http://tonimiuyaytre.org/

http://tyiuiunuewqy.org/

rc4.i32

rc4.i32

Targets

    • Target

      0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f

    • Size

      11.8MB

    • MD5

      d7fd6731e4db6fdac15d7ce4844254f0

    • SHA1

      32286ffae51a5bc0f14bcf6f7cc10d5040abd8c4

    • SHA256

      0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f

    • SHA512

      5bb7f1731c892300d67aec81eaa48788690b6abcd9fca5f81dd8830d481d9e6aaf1fa766153b94ad450b6a346b1f48fe8ce4b449062ac476b5ac2cc244315d73

    • SSDEEP

      196608:I1rT3Lk6XhNQSKwAk2V80t5AtgNtKpXeBHsepB7/nqlKBlIgj:irbLPXhN1Kpk6t5AtutKpOBppRln

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks