General
-
Target
60d529d298fda60d_setupInstall.rar
-
Size
75.6MB
-
Sample
240711-gej4lstgrf
-
MD5
a550717538ccd830a11b2b1f4f6eaa34
-
SHA1
702ddf3dfa759b0a0021cf6f0280af53a7093765
-
SHA256
b244fb7a7b39c836a9629262eaa80865cfbaf37aaea1b1d4b880d8a864f865a4
-
SHA512
a8cddb3f2121c664e76963d053b41ff70f1866adc0fbb3e2e240ddfeb68a67f2ca3929e514a804b856aa9526a22915ce71e20795b996712016925b43e6df7804
-
SSDEEP
1572864:iC4f0C4fkC4f3C4f3C4fiC4fmC4f+C4fUC4f3C4ftC4fxC4fXC4fUC4fiC4fbC4m:ih0hkh3h3hihmh+hUh3hthxhXhUhihbM
Static task
static1
Behavioral task
behavioral1
Sample
setup_installer.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral2
Sample
setup_installer.exe
Resource
win11-20240709-en
Behavioral task
behavioral3
Sample
setup_x86_x64_install.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
nullmixer
http://motiwa.xyz/
Extracted
redline
ServAni
87.251.71.195:82
Targets
-
-
Target
setup_installer.exe
-
Size
3.1MB
-
MD5
22b4d432a671c3f71aa1e32065f81161
-
SHA1
9a18ff96ad8bf0f3133057c8047c10d0d205735e
-
SHA256
4c61aeec3fa5cbd6e8cd19272d28a1e07a8ac96e3fd8b2343791ed2521dd3028
-
SHA512
c0af739ec9a93978c8c25ad05a2c0826a8320a9ac007bbd36f6846053bc8d434e23a6edf19d1666767fd7ad404532983604fd7774cf18940f7541616700be523
-
SSDEEP
98304:x4mtX5BNf3HFKR6VNHuZA5r5OCvLUBsKeSAWqPO:x4mtJBVlKwVNHuZA5tLUCKiU
-
Detect Fabookie payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
setup_x86_x64_install.exe
-
Size
3.2MB
-
MD5
3ae1c212119919e5fce71247286f8e0e
-
SHA1
97c1890ab73c539056f95eafede319df774e9d38
-
SHA256
30c2f230e5401b4b1ea8fb425dadf4e453575884303b9fa2066e6a91859f016e
-
SHA512
5bb28a775c10b8b68b8c448d64287ca732d0af5577ecc4348a89934358440bb4ff6958115f14ecbabb0446d234d6f621afa3419daa4aec6c03c0af9b6a3b1558
-
SSDEEP
98304:JzW3xr+nE8OUSnhyL/34PVR3dSqJcppIrTF9UqGbmZ1:J6x6YUSnqoLt/cLS59UJmv
-
Detect Fabookie payload
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-