Resubmissions

02/06/2024, 23:20

240602-3bvxlaag6v 7

02/06/2024, 23:16

240602-29dwasbg87 4

General

  • Target: Redact-Setup-0.17.4.exe
  • Size: 71.1MB
  • Sample: 240602-3bvxlaag6v
  • MD5: 34dc26c43d1c95019b5a390eb5e5fcc2
  • SHA1: c74edda8d14c6683eeb482344f009b1ac0f97491
  • SHA256: 4d8daf45a5fcf7480739974e1d9ecac7370462f66196dd14b9a38020120dc202
  • SHA512: 3fdb707661075555112672ed0157ba45bb65581d58b5f6c045a32cdd830acb24bdbcdb62dd48ab743d221f13e4d0d0824f0bb2edff5da1ce5f923ab43e3babcc
  • SSDEEP: 1572864:WXeyzeKgzQOKuPjz++x1vWx4gYaVsxYTCs68KGz6kz:WXF8zQOKundve4gayjpz

Malware Config

Targets

    • Target: Redact-Setup-0.17.4.exe
    • Size: 71.1MB
    • MD5: 34dc26c43d1c95019b5a390eb5e5fcc2
    • SHA1: c74edda8d14c6683eeb482344f009b1ac0f97491
    • SHA256: 4d8daf45a5fcf7480739974e1d9ecac7370462f66196dd14b9a38020120dc202
    • SHA512: 3fdb707661075555112672ed0157ba45bb65581d58b5f6c045a32cdd830acb24bdbcdb62dd48ab743d221f13e4d0d0824f0bb2edff5da1ce5f923ab43e3babcc
    • SSDEEP: 1572864:WXeyzeKgzQOKuPjz++x1vWx4gYaVsxYTCs68KGz6kz:WXF8zQOKundve4gayjpz

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to get system information.

    • Target: Redact.exe
    • Size: 155.7MB
    • MD5: ea71b84ef622908a82dbf260fc798c57
    • SHA1: cd2c4c8e7923e45d88609dff7cfa0088556ff711
    • SHA256: af2eb7d7f6d8adb4c501aed5a6d89fbe6a5bef2460194f71143f139f637ae10e
    • SHA512: ce487b6f046d11362160d67368c198ad7ca187618f20dc4894bd62dc7905929482a19355fb090de66dfa2f0c9da64785ecf0ffb6de3b15ffc40ef6b6533846cb
    • SSDEEP: 1572864:sAbYR2tKLDlPCDlrbnGDDX9lWOp+gEj09Yl4g7H01vejHK5HVRvq1/H/XorJLfQz:XmDLL3UPK3kd

    Score: 6/10

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target: resources/elevate.exe
    • Size: 127KB
    • MD5: 0c5eddcbcda71a2f93b8fc5efe0c4378
    • SHA1: 812c4885e5eed8b21c7ff7441e59c19a014a6b08
    • SHA256: 1584d5c283fa80ace65cf1716008b385ae703260b169f0d1ed7df06347cc2a5f
    • SHA512: 9c0264d663993dc9c9244531b48612b90774aced30709a6a8749acf1fd0e769870adcee3c32c0ac8d720bfabd4c33cc3a787b12f900b11e60dc7de7ce1ebb4f5
    • SSDEEP: 3072:z9bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlipQpy:BPrwRhte1XsE1lipQpy

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks