General

  • Target

    fd7dcacb69826ecd52753daee902fed0_NEIKI

  • Size

    1.1MB

  • Sample

    240509-ftshvsfc32

  • MD5

    fd7dcacb69826ecd52753daee902fed0

  • SHA1

    132dcdc2e011cc38bc4b84a100576f8b7dc87ca5

  • SHA256

    19f388719fc70cea55990d9671795d053d4b60127b65313a4c06fc3188ae068f

  • SHA512

    1f570c480536e4ab81af6a2594b3b247f93532c80eff4d0703d9a5788cbcb244d944e4f2a05ee0b980d8be008440375bae39326296b8f9f379d5e9a1e1aafe73

  • SSDEEP

    24576:uyZKgG/zR5rPl0JGuEGRnF0W9zMZliurcMdygnRrfiQ7k:94/z7qJHEGRF0G4CurcM7taQ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    horda

  • C2

    194.49.94.152:19053

Extracted

  • Family

    risepro

  • C2

    194.49.94.152

Targets

    • Target

      fd7dcacb69826ecd52753daee902fed0_NEIKI

    • Size

      1.1MB

    • MD5

      fd7dcacb69826ecd52753daee902fed0

    • SHA1

      132dcdc2e011cc38bc4b84a100576f8b7dc87ca5

    • SHA256

      19f388719fc70cea55990d9671795d053d4b60127b65313a4c06fc3188ae068f

    • SHA512

      1f570c480536e4ab81af6a2594b3b247f93532c80eff4d0703d9a5788cbcb244d944e4f2a05ee0b980d8be008440375bae39326296b8f9f379d5e9a1e1aafe73

    • SSDEEP

      24576:uyZKgG/zR5rPl0JGuEGRnF0W9zMZliurcMdygnRrfiQ7k:94/z7qJHEGRF0G4CurcM7taQ

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks