Overview

overview

7

Static

static

7

RedVIP5Rel...88.exe

windows7-x64

7

RedVIP5Rel...88.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

DLLCLT.dll

windows7-x64

3

DLLCLT.dll

windows10-2004-x64

3

DownLoad/attrib.exe

windows7-x64

3

DownLoad/attrib.exe

windows10-2004-x64

3

DownLoad/rar.exe

windows7-x64

3

DownLoad/rar.exe

windows10-2004-x64

3

McuFlash/Download.exe

windows7-x64

3

McuFlash/Download.exe

windows10-2004-x64

3

RedVIPControls.dll

windows7-x64

3

RedVIPControls.dll

windows10-2004-x64

3

VIP.exe

windows7-x64

4

VIP.exe

windows10-2004-x64

4

VIPExec.exe

windows7-x64

3

VIPExec.exe

windows10-2004-x64

3

VIPUpdate.exe

windows7-x64

3

VIPUpdate.exe

windows10-2004-x64

3

VPADLL.dll

windows7-x64

3

VPADLL.dll

windows10-2004-x64

3

VPVDLL.dll

windows7-x64

3

VPVDLL.dll

windows10-2004-x64

3

advert/ad_mcu.html

windows7-x64

3

advert/ad_mcu.html

windows10-2004-x64

3

divx.dll

windows7-x64

3

divx.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 01:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RedVIP5Release_91502088.exe

  • Size

    6.0MB

  • MD5

    95343e1de11b559191be2476f3fa2823

  • SHA1

    7e7279a83e764c73cbdf82c71783eb39c96cf166

  • SHA256

    ae54713c81688a2970f7179dbd3644c51d81f3306283d9d7f05fb44a09d3187d

  • SHA512

    9f7b5cfc68fb5e73815d7e8b542782ea7af0dadb1b2631c4d1cd019f1a8acc8eed4fafcc5fdff254b137174118dbaba35387104dc6e397b274e7d1f9c5f26c5c

  • SSDEEP

    98304:F39fENK1aUP1OtuCr5lthrDLMScRlwjbGSD+rpSvgATQyUHTTQ4GrZIhIhb5nBr5:UNsP1aFBhrDpcfbSDMcFUzTvAZIhIhbR

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RedVIP5Release_91502088.exe
    "C:\Users\Admin\AppData\Local\Temp\RedVIP5Release_91502088.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy99FF.tmp\ioSpecial.ini
    Filesize

    682B

    MD5

    4ddc9ece4e39a9d8c89f51c4f6b4f13a

    SHA1

    f3cddac3ba3e8ed9366a242ef2320aed2d066bbf

    SHA256

    849567c2835ade1287117e8b3dfb549629f5a733433a0819d0d336282ce577ed

    SHA512

    60e76b411747c6f615e69c2b39808128a8cb2b61e1c97b9aeaae875d3379e27b348447597d881f989f6d412b4105f43b15b91d923293204f9d23d9b8c7090e74

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy99FF.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    99bc22826a0568dce241be3a4ffd0c0d

    SHA1

    62e4662250abdf10d23a61076fd7cbd00a5c5b6f

    SHA256

    120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de

    SHA512

    35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy99FF.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    d1017871e5fafca4f1a9ab0c459eb179

    SHA1

    84afd186e8523be52b9d7d693f9ada0e1d1758df

    SHA256

    fab7253d54818991c18da1a9548a31bbb8970430c1c8423474bb37747d665141

    SHA512

    f4efa4112e9c24a6bedd8063685e7f6a115ec87eeb3e0c0a463ef51dfed8a94ec7c3c146a654f39584b02b5333c038c8adff09788c8c299832d17cd71c08667c

    Download Submit