General

  • Target

    de6ec5ecd0fb5df9bb61356bdb613720_NEIKI

  • Size

    1.3MB

  • Sample

    240509-dyw1qsah26

  • MD5

    de6ec5ecd0fb5df9bb61356bdb613720

  • SHA1

    012d12d0c983d46dbe8070afed6cd1fe3b822059

  • SHA256

    2205cde9df1fff80fa78b0e7a0306504a5024986b4ca6712664e77dba9b3d42d

  • SHA512

    fd115ab8626f100dd1a54c94d641e3ac4dded2de53ae9e705b9ac0a261ae07c3d311465d7496cf7a6a8dbe5ee6058e6a5c5300d68771621e5023d035637eee21

  • SSDEEP

    24576:GyrAD4RJwD6pFRJDp1GBNaZAKf6BcmP+oJeWNzB/I1YGrpHuVz:VsDKJwD6P/Fj6B5GwNzBAVUV

Malware Config

  • Extracted

    Family: redline
    Botnet: horda
    C2: 194.49.94.152:19053

  • Extracted

    Family: risepro
    C2: 194.49.94.152

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks