General

  • Target

    85b1b1e357039975bd20490c39597e10_NEIKI

  • Size

    1.1MB

  • Sample

    240508-2rckhsea96

  • MD5

    85b1b1e357039975bd20490c39597e10

  • SHA1

    94f5d104a72f8080b6ead819cafadb8e8bba346d

  • SHA256

    17e989968f9c8168fe118098ed7ecf6e15c476d21662ff9f7207d0cb23f4320b

  • SHA512

    f0341e82d8bfb6966f41bc9c1c61de7f4680328cc0bc86f3c8feb9e39aeb68f704f18ed50085946f41813ef1eb2ef4469237f59ddded5ade9b33d583f93093f1

  • SSDEEP

    24576:CyPS4sdckhDybKfBQlcfYXvyuHqphvAlx/K76ora0X/7wCRmOWwb4:pPS2kh+WeEevdKphvc/nMXsYNf

Malware Config

  • Extracted

    Family: redline
    Botnet: horda
    C2: 194.49.94.152:19053

  • Extracted

    Family: risepro
    C2: 194.49.94.152

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks