Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
19-06-2024 08:31
Behavioral task
behavioral1
Sample
Redengine Crack.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Redengine Crack.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
main.pyc
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
main.pyc
Resource
win10v2004-20240508-en
General
-
Target
Redengine Crack.exe
-
Size
17.0MB
-
MD5
ab167bc1cb763ad2cfdfc86ee45b9f22
-
SHA1
03c9e4fe5f1b789adae9ea0f91789c8ad58aa10c
-
SHA256
2da8c55da46f148005b1b6eb5eaf231091b9f05ce4f73085abea04c242d77af4
-
SHA512
f39cdba1aab81ee29ea44e21857abf5a51a70887ca476768a5abdcd38a721d2fd51915e356c925946d5837a749c4df7229c875b2efe5831f5c3ec4f2545b9d42
-
SSDEEP
393216:UxAhZ1FeREWOL2Vmd6m7/m3pz0GzajJBfrSsvItRzxFHkhy7Yc:Um7jeRayVmdRKDEJB2sQtxxFE8
Malware Config
Signatures
-
Loads dropped DLL 43 IoCs
Processes:
Redengine Crack.exepid process 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe 5072 Redengine Crack.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 5 api.ipify.org 8 api.ipify.org -
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
Redengine Crack.exedescription pid process target process PID 968 wrote to memory of 5072 968 Redengine Crack.exe Redengine Crack.exe PID 968 wrote to memory of 5072 968 Redengine Crack.exe Redengine Crack.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe"C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:968 -
C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe"C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe"2⤵
- Loads dropped DLL
PID:5072
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD50d0450292a5cf48171411cc8bfbbf0f7
SHA15de70c8bab7003bbd4fdcadb5c0736b9e6d0014c
SHA256cb3ce4f65c9e18be6cbb504d79b594b51f38916e390dad73de4177fe88ce9c37
SHA512ba6bbcc394e07fe09bb3a25e4aae9c4286516317d0b71d090b91aaec87fc10f61a4701aa45bc74cb216fff1e4ad881f62eb94d4ee2a3a9c8f04a954221b81d3a
-
Filesize
23KB
MD50f4d8993f0d2bd829fea19a1074e9ce7
SHA14dfe8107d09e4d725bb887dc146b612b19818abf
SHA2566ca8711c8095bbc475d84f81fc8dfff7cd722ffe98e0c5430631ae067913a11f
SHA5121e6f4bc9c682654bd18e1fc4bd26b1e3757c9f89dc5d0764b2e6c45db079af184875d7d3039161ea93d375e67f33e4fb48dcb63eae0c4ee3f98f1d2f7002b103
-
Filesize
25KB
MD58f385dbacd6c787926ab370c59d8bba2
SHA1953bad3e9121577fab4187311cb473d237f6cba3
SHA256ddf0b165c1c4eff98c4ac11e08c7beadcdd8cc76f495980a21df85ba4368762a
SHA512973b80559f238f6b0a83cd00a2870e909a0d34b3df1e6bb4d47d09395c4503ea8112fb25115232c7658e5de360b258b6612373a96e6a23cde098b60fe5579c1c
-
Filesize
21KB
MD5ade53f8427f55435a110f3b5379bdde1
SHA190bdafccfab8b47450f8226b675e6a85c5b4fcce
SHA25655cf117455aa2059367d89e508f5e2ad459545f38d01e8e7b7b0484897408980
SHA5122856d4c1bbdd8d37c419c5df917a9cc158c79d7f2ee68782c23fb615d719d8fe61aaa1b5f5207f80c31dc381cd6d8c9dabd450dbc0c774ff8e0a95337fda18bd
-
Filesize
22KB
MD5b894480d74efb92a7820f0ec1fc70557
SHA107eaf9f40f4fce9babe04f537ff9a4287ec69176
SHA256cdff737d7239fe4f39d76683d931c970a8550c27c3f7162574f2573aee755952
SHA512498d31f040599fe3e4cfd9f586fc2fee7a056635e9c8fd995b418d6263d21f1708f891c60be09c08ccf01f7915e276aafb7abb84554280d11b25da4bdf3f3a75
-
Filesize
24KB
MD596789921c688108cac213fadb4ff2930
SHA1d017053a25549ebff35ec548e76fc79f778d0b09
SHA2567e4b78275516aa6bdea350940df89c0c94fd0ee70ab3f6a9bac6550783a96cad
SHA51261a037b5f7787bb2507f1d2d78a31cf26a9472501fb959585608d8652af6f665922b827d45979711861803102a07d4a2148e9be70ab7033ece9e0484fe110fdf
-
Filesize
21KB
MD58070eb2be9841525034a508cf16a6fd6
SHA184df6bceba52751f22841b1169d7cd090a4bb0c6
SHA256ee59933eba41bca29b66af9421ba53ffc90223ac88ccd35056503af52a2813fe
SHA51233c5f4623a2e5afe404056b92556fdbaf2419d7b7728416d3368d760ddfde44a2739f551de26fa443d59294b8726a05a77733fee66abc3547073d85f2d4ebeee
-
Filesize
566KB
MD50929e46b1020b372956f204f85e48ed6
SHA19dc01cf3892406727c8dc7d12ad8855871c9ef09
SHA256cb3c74d6fcc091f4eb7c67ee5eb5f76c1c973dea8b1c6b851fcca62c2a9d8aa8
SHA512dd28fca139d316e2cc4d13a6adffb7af6f1a9dc1fc7297976a4d5103fae44de555a951b99f7601590b331f6dbb9bfc592d31980135e3858e265064117012c8d5
-
Filesize
95KB
MD5f34eb034aa4a9735218686590cba2e8b
SHA12bc20acdcb201676b77a66fa7ec6b53fa2644713
SHA2569d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1
SHA512d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af
-
Filesize
36KB
MD5135359d350f72ad4bf716b764d39e749
SHA12e59d9bbcce356f0fece56c9c4917a5cacec63d7
SHA25634048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32
SHA512cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba
-
Filesize
861KB
MD52c7528407abfd7c6ef08f7bcf2e88e21
SHA1ee855c0cde407f9a26a9720419bf91d7f1f283a7
SHA256093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441
SHA51293e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea
-
Filesize
85KB
MD5b024a6f227eafa8d43edfc1a560fe651
SHA192451be6a2a6bfc4a8de8ad3559ba4a25d409f2e
SHA256c0dd9496b19ba9536a78a43a97704e7d4bef3c901d196ed385e771366682819d
SHA512b9edb6d0f1472dd01969e6f160b41c1e7e935d4eebcaf08554195eb85d91c19ff1bfbc150773f197462e582c6d31f12bd0304f636eb4f189ed3ed976824b283e
-
Filesize
179KB
MD53d48e9bc9a3b68e816e1d0be284f2d3f
SHA1410921af4383bdc898df691ea39e3e9f558c3d85
SHA25688451f322707b22c43b36796c3711bace64f50ef7b22c94fbf29a04a2838e533
SHA512829c0e0458f927ffd8e60194c5ef75c9e4f9da86d3fa7d7184715a869a2765b5e3a0d4263ab9acbbdb752f451acc87eb5a7b1d63712c67e21fcef8c228da3db3
-
Filesize
125KB
MD5a1e9b3cc6b942251568e59fd3c342205
SHA13c5aaa6d011b04250f16986b3422f87a60326834
SHA256a8703f949c9520b76cb1875d1176a23a2b3ef1d652d6dfac6e1de46dc08b2aa3
SHA5122015b2ae1b17afc0f28c4af9cedf7d0b6219c4c257dd0c89328e5bd3eee35e2df63ef4fccb3ee38e7e65f01233d7b97fc363c0eae0cfa7754612c80564360d6f
-
Filesize
64KB
MD569dc506cf2fa3da9d0caba05fca6a35d
SHA133b24abb7b1d68d3b0315be7f8f49de50c9bdcb6
SHA256c5b8c4582e201fef2d8cb2c8672d07b86dec31afb4a17b758dbfb2cff163b12f
SHA5120009ec88134e25325a47b8b358da0fed8bb34fe80602e08a60686f6029b80f4287d33adb66ef41435d11d6edff86a88916f776eeaf2d1cb72035783f109ca1ff
-
Filesize
160KB
MD577b78b43d58fe7ce9eb2fbb1420889fa
SHA1de55ce88854e314697fa54703a2cd6cc970f3111
SHA2566e571d93ce55d09583ec91c607883a43c1da3d4d36794d68c6ecd6bea4ab466a
SHA5127b03b7d3f2fd9b51391de08e69ca9156a0232b56f210878a488b9d5a19492ab5880f45d9407331360fbe543a52c03d68f68da4387bf6a13b20ec903a7b081846
-
Filesize
30KB
MD5328e41b501a51b58644c7c6930b03234
SHA1bc09f8b62fec750a48bafd9db3494d2f30f7bd54
SHA2562782cf3c04801ede65011be282e99cd34d163b2b2b2333fd3147b33f7d5e72ab
SHA512c6e6e6bca0e9c4e84f7c07541995a7ee4960da095329f69120ba631c3c3e07c0441cf2612d9dcc3d062c779aec7d4e6a00f71f57cc32e2a980a1e3574b67d248
-
Filesize
79KB
MD5cd56f508e7c305d4bfdeb820ecf3a323
SHA1711c499bcf780611a815afa7374358bbfd22fcc9
SHA2569e97b782b55400e5a914171817714bbbc713c0a396e30496c645fc82835e4b34
SHA512e937c322c78e40947c70413404beba52d3425945b75255590dedf84ee429f685e0e5bc86ad468044925fbc59cf7ec8698a5472dd4f05b4363da30de04f9609a5
-
Filesize
89KB
MD5d7dce668e11c61245f91e723db68b134
SHA10edd1d7783b6be460e9a5c02aaec971bb4aa25af
SHA256e8cd83af8716df93b761ffaa01949d57e2551804c3bab679d81ac72534490a1d
SHA512ace805042be4130329bafbe29d44a5c80a3746abdfc1ab63016f8e0dba97f4d02b30dd4dc29cb658f5757215bd132e8acc34a5842f955a0c45c1837b916319e4
-
Filesize
153KB
MD570014e88ecf3133b7be097536f77b459
SHA15d75675bb35ba6fae774937789491e051e62a252
SHA256d318795c98c5f3c127c8e47220a92acba0736daf31bab0dc9c7e6c3513bb2aa3
SHA512aa59b32c9164afca1b799e389c7087e95eeaa543790b6f590f9e30aa13b7fdb8cc83d0ef6351f0b578a4da636f4ca1e6dfe4558dcf3a813b744a80f7392aa462
-
Filesize
782KB
MD5b8ed4da65fcd99bfa0ebc1e05c117368
SHA19d822e68363ffd59d4e5b3af6a4f27f5a89d35e5
SHA256da7b254387c376f8dd50db6c88b9e5a801aacfc7e577e34197ebac8fb990ce70
SHA512d9dcbbf1e4f3e6837deca1030fc0b8b45513230ed11f60c7dfada87842f9c1ded53c6f8678ed8bc47d22c98805cd95fe3c27549a7069d04833ed32977456ba19
-
Filesize
3.3MB
MD5ab01c808bed8164133e5279595437d3d
SHA10f512756a8db22576ec2e20cf0cafec7786fb12b
SHA2569c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
SHA5124043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2
-
Filesize
32KB
MD5eef7981412be8ea459064d3090f4b3aa
SHA1c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
-
Filesize
682KB
MD5de72697933d7673279fb85fd48d1a4dd
SHA1085fd4c6fb6d89ffcc9b2741947b74f0766fc383
SHA256ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f
SHA5120fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c
-
Filesize
201KB
MD53ee5ec36b631c2352cd8bd2e4b58b37f
SHA1d6ddab5eb14226fea6e5212382b5dd39aa50df97
SHA256f32af8a21c016702647a83661eb4460bac7c791754cb1faaf1c4d096a94cd7cb
SHA512873f72bc481bf6c55cdd00e97ea0e5946f466790f3319374b1c15772d4abdc7f394defd2cb130323fff2169380b0cda7319bb2b19f87ed5dfa479635f4b21317
-
Filesize
59KB
MD54a776941c0aa723c50223cb1a19e6d02
SHA108e4cdf06f3b9ee5f9d5c865b49c808d20938583
SHA2565a2f39ed041d35bb48e89c72c1ad16a5a24a3674f8eb34bfbc6310fd75128f16
SHA5120319030bd2b51bf605c8ef4324eacf3a1f2e2315c92bc0cfc8e9eb7df72038f6c377b9537fec16470363499e6e0dbb7ca164169ae43601294310f84e53a06881
-
Filesize
4.3MB
MD52135da9f78a8ef80850fa582df2c7239
SHA1aac6ad3054de6566851cae75215bdeda607821c4
SHA256324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3
SHA512423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369
-
Filesize
652KB
MD5f7248c0bf2538a832f06bf5735badd88
SHA1301b9c6803781c9cf63414862d8ed8c64c1d5316
SHA25686be43773e1b863cc2e87c980ae9fd8291eff3d82dd4136491b8f95b2dbf868f
SHA512abc5ee57598cdbff3091d77f2f00bd7b69235b48810ba8946ffeed039b7aa03a7d49db2e21b01b6d0753b1dcb7ac5a29d56732451d2c739b5c47fe299a99c765
-
Filesize
136KB
MD5f0c9ae2851bdadd218d864430281b576
SHA1b7fb397f1c9cd07c81c7ae794b2af794c918746f
SHA25615ff353b873b58c7a8af42d94462aa4cb4ea03c10673a87a0d7f2c42b7ec60c0
SHA512915aa0121265b11d6ab58643fb1e4d867e3c49608dd5c8842364d4ed913f4742b4c4d54b21526ea62d7d48598b02c613f1ab39a4a071e403d4cc6fe68f839b7e
-
Filesize
29KB
MD535bb285678b249770dda3f8a15724593
SHA1a91031d56097a4cbf800a6960e229e689ba63099
SHA25671ed480da28968a7fd07934e222ae87d943677468936fd419803280d0cad07f3
SHA512956759742b4b47609a57273b1ea7489ce39e29ebced702245a9665bb0479ba7d42c053e40c6dc446d5b0f95f8cc3f2267af56ccaaaf06e6875c94d4e3f3b6094
-
Filesize
1.5MB
MD51d234679a3e6e068b741b83eebc3adb2
SHA1e63c5b5ee813a73585ecf5e4425cf3fe52e1294c
SHA2565a4fc3957bc5f007b6c3a2df66c8286fe65ae74827a233f0df2e9679dc7ad39f
SHA512a085613067482b4544bddcdceef56f5fb46322ddb4490b1034f2fdacbe2a3dcc3721e645941d89dbb9110cd5630cab0cc4cc1573946e5667d6c6c07ffce341cd
-
Filesize
1.1MB
MD53ba2a20dda6d1b4670767455bbe32870
SHA17c98221bc6ed763030087b1f33fb83eac2823ea4
SHA2563a0987025f1cf2111dc6e4f59402073ba123d7436d809ee4198b4e7bfb8cb868
SHA5120688f8af3359a8571bef2a89efabc2dbf26f3f5c6220932a4e7df2e33fac95cafee8b80796346ba698e6bf43630b8069f56538b95a8ff62ec21d629787ca5cd1
-
Filesize
129KB
MD530d431bdd2419b1c59f22c0ab790ab88
SHA1fe4c07f5e77806e5f0f5f90762849818eb4d29d1
SHA2560813e92197b04508363d93f3fc2065e962baab44f8a2c18c6297e1fb348cc679
SHA512d5c8e362c5be1decffb7960b0169e18641816ada783e0ec5a3c909c163bf1aa8878d6e7d7efb0258a0f1a031ac8e71c084d7220347b85b07412d6717f3b5ff58