Overview

Per-tab scores (out of 10) for each analysis task:

  Overview                                      10
  Static                                         3
  pengisv/Fix.exe          windows7-x64         10
  pengisv/Fix.exe          windows10-2004-x64   10
  pengisv/FixV2.exe        windows7-x64          7
  pengisv/FixV2.exe        windows10-2004-x64    7
  pengisv/Injector.exe     windows7-x64         10
  pengisv/Injector.exe     windows10-2004-x64   10
  pengisv/bocchisr.dll     windows7-x64          1
  pengisv/bocchisr.dll     windows10-2004-x64    1
  pengisv/ce...64.dll      windows7-x64          1
  pengisv/ce...64.dll      windows10-2004-x64    1

General
Target: pengisv.rar
Size: 12.4MB
Sample: 240423-tp5vaahg3v
MD5: 91a10fd29a37a533b53bd251514b88b2
SHA1: c1ae76d63ce8b8821aae8d7d07789e66f8852d4a
SHA256: 1acb77a48fd420725c250b00ba9ed65ede6220c52db07f0226a23071eea0970c
SHA512: ab6ecedfb876fca2b0167a6d9c317474325fc029980ebb688eabd14fbd3d672ea51ae03c9f60fea5c2910e3a519d588319213ba712e52134714c92890c58706c
SSDEEP: 98304:ChmFLATcWWsar1ZyZDUP9Itc0/MMBIXdXs2jLReShgd5:GFWswyZAP/bmIXdXpZV+d
Analysis tasks

  Task          Sample                        Resource
  static1       (static analysis)             -
  behavioral1   pengisv/Fix.exe               win7-20240221-en
  behavioral2   pengisv/Fix.exe               win10v2004-20240412-en
  behavioral3   pengisv/FixV2.exe             win7-20240221-en
  behavioral4   pengisv/FixV2.exe             win10v2004-20240412-en
  behavioral5   pengisv/Injector.exe          win7-20231129-en
  behavioral6   pengisv/Injector.exe          win10v2004-20240412-en
  behavioral7   pengisv/bocchisr.dll          win7-20240221-en
  behavioral8   pengisv/bocchisr.dll          win10v2004-20240412-en
  behavioral9   pengisv/ced3d9hook64.dll      win7-20240215-en
  behavioral10  pengisv/ced3d9hook64.dll      win10v2004-20240412-en
Malware Config

Extracted family: risepro
Extracted address: 45.15.156.142:50500
Targets

Target: pengisv/Fix.exe
Size: 287.0MB
MD5: 9111a2dded9df51f1be35d474706a4b2
SHA1: 9169e3ccb3b4ba877bf92f8b36b6050e6e917490
SHA256: db77f3c8fdca18d5472f96d18ccbe8060c6b6bb99592d93e00cc1cccd7b0465f
SHA512: f0a6916dda81d2bba3e75ed9aa7c54c5aa65454eef0ec3a7a7dfed5676dd9d99c40628db92e142fd0d9c1ac0825287df1c54c3b361a66e5e5f7f305a4b6323c2
SSDEEP: 24576:cbRcT1az97B/WMLUcmnpsqxAcQviqv2FRRhuerH0RRwzoV6E8XcU+axHD0WGbmp:GGT1azdBuLLx/WVAnfrIRwz9jRRYmp
Score: 10/10

Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: pengisv/FixV2.exe
Size: 243.2MB
MD5: 77a3813c5dd6e27ab6eb0cbd66c8047d
SHA1: c00ef301e56702eb1a55009b592212e3fdedf35e
SHA256: 50734475af1f89e27485ef0c008b07f8b2c4293d792ee59d17b73b42c2587d4a
SHA512: e800f75748d85839a1511474ad5c44cf0df1eb614c189e8ad54f1e4c8ca9937c3e4779b6e98571164fbf36b7a95128a51504084cb485a0e6e17aa0474846b0c6
SSDEEP: 49152:SBnoL6aMQbJ4pjVli0MyJr02dnN0rKOWN8O3b0/3GhiIAzP:SBE6NQF4p5IpAb
Score: 7/10

Signatures:
- Loads dropped DLL
Target: pengisv/Injector.exe
Size: 300.0MB
MD5: d21c2d4f372af938109fd2345ac1938b
SHA1: f76729490360354f30548f49a8ca3ddeb638758c
SHA256: 1d61735d5000942390505f6962882af0c9bbd8d52b6e2e179ac47781edc9f281
SHA512: f7c7f0962325b3c0d19be00096b618b2bb576b06eda78dc396d9ab6325031d9e8ff86fff33f1189954f32e6300d427029942400a621854848a2930947aa64ae0
SSDEEP: 24576:bNpd12nDhPgnRcmIoWMsH4YcxGg8Zfq7NtmIxEAzLDV7YTGTbX:BdiDeRQbMsH/JRZfq7NtmDwLDZX

Signatures:
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Target: pengisv/bocchisr.dll
Size: 463KB
MD5: 834e859f320d4ee0b0ab1726093eea4a
SHA1: fbfbebd91fe3277a068c94dba53586aae91267dc
SHA256: 6521d2c34a637f6563241d3784dae6f63480dbd64757063e02a741649837b680
SHA512: 8ca6146513d5627117565894c39fe56abf0c744b299096b6aa0c64b563e8c6437bf08480a50baaaa46eb4c0d646b59477feab15c32364fb35ca6c18714c6aae7
SSDEEP: 12288:AlcP+hdhOfATj9F7aKH+QLA4smLiRF0xn2g0AT:AymZOfAtF7aKYDqE0xn2Ji
Score: 1/10
Target: pengisv/ced3d9hook64.dll
Size: 50.1MB
MD5: b525bf3b4a748b5ab834ab0f6d394d75
SHA1: d1cedc0326929379e253ebab35296ecd4100c0db
SHA256: 42a8aff82777d003b7a2a438bfd506367e1a3de6ee591f1c3935d3e32d5c4e0c
SHA512: cbe70517ea00e278df0f6378d2844df52b513c9d5164409cab166f73ba29d7722a63856b8d318b1f5d690d52e1df9156e00c151dd1011886df70e50da13a2817
SSDEEP: 3072:6UoPePVhoZB34/UWFdQomnRepTPFn35eoONSO2:j8ZBvWrnmnR2Un+
Score: 1/10