Overview

overview

7

Static

static

7

RedVIP5Rel...88.exe

windows7-x64

7

RedVIP5Rel...88.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

DLLCLT.dll

windows7-x64

3

DLLCLT.dll

windows10-2004-x64

3

DownLoad/attrib.exe

windows7-x64

3

DownLoad/attrib.exe

windows10-2004-x64

3

DownLoad/rar.exe

windows7-x64

3

DownLoad/rar.exe

windows10-2004-x64

3

McuFlash/Download.exe

windows7-x64

3

McuFlash/Download.exe

windows10-2004-x64

3

RedVIPControls.dll

windows7-x64

3

RedVIPControls.dll

windows10-2004-x64

3

VIP.exe

windows7-x64

4

VIP.exe

windows10-2004-x64

4

VIPExec.exe

windows7-x64

3

VIPExec.exe

windows10-2004-x64

3

VIPUpdate.exe

windows7-x64

3

VIPUpdate.exe

windows10-2004-x64

3

VPADLL.dll

windows7-x64

3

VPADLL.dll

windows10-2004-x64

3

VPVDLL.dll

windows7-x64

3

VPVDLL.dll

windows10-2004-x64

3

advert/ad_mcu.html

windows7-x64

3

advert/ad_mcu.html

windows10-2004-x64

3

divx.dll

windows7-x64

3

divx.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/09/2024, 01:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RedVIP5Release_91502088.exe

  • Size

    6.0MB

  • MD5

    95343e1de11b559191be2476f3fa2823

  • SHA1

    7e7279a83e764c73cbdf82c71783eb39c96cf166

  • SHA256

    ae54713c81688a2970f7179dbd3644c51d81f3306283d9d7f05fb44a09d3187d

  • SHA512

    9f7b5cfc68fb5e73815d7e8b542782ea7af0dadb1b2631c4d1cd019f1a8acc8eed4fafcc5fdff254b137174118dbaba35387104dc6e397b274e7d1f9c5f26c5c

  • SSDEEP

    98304:F39fENK1aUP1OtuCr5lthrDLMScRlwjbGSD+rpSvgATQyUHTTQ4GrZIhIhb5nBr5:UNsP1aFBhrDpcfbSDMcFUzTvAZIhIhbR

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\RedVIP5Release_91502088.exe
    "C:\Users\Admin\AppData\Local\Temp\RedVIP5Release_91502088.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsx8C24.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    99bc22826a0568dce241be3a4ffd0c0d

    SHA1

    62e4662250abdf10d23a61076fd7cbd00a5c5b6f

    SHA256

    120e4fac0538b7e7b75934706668063a4e7785d0405dca43fde36d55f6d968de

    SHA512

    35b016b6e2dc850e5432becd57f35faf73b180c0a6f822a406cf9d5439a87126c41c49aac025cdeecd38bbd01705ddbd8c217cb33134e978ecc9624053b52be9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx8C24.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    d1017871e5fafca4f1a9ab0c459eb179

    SHA1

    84afd186e8523be52b9d7d693f9ada0e1d1758df

    SHA256

    fab7253d54818991c18da1a9548a31bbb8970430c1c8423474bb37747d665141

    SHA512

    f4efa4112e9c24a6bedd8063685e7f6a115ec87eeb3e0c0a463ef51dfed8a94ec7c3c146a654f39584b02b5333c038c8adff09788c8c299832d17cd71c08667c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx8C24.tmp\ioSpecial.ini
    Filesize

    682B

    MD5

    c6c267cfb1f77b242bfe16cebf4882a1

    SHA1

    4f1814116ce8a3814d6a56669b84ac6d70367573

    SHA256

    b149aa4130a9df39402cc754075b1bcfd895603189ad8ef96c317cfe7313a327

    SHA512

    59db32538c94f99dc2679b5c8148a6c272499d3f58bd8f2719c11a99b82c0837b739a5373a5b1fc578cdacf4a683a8bca11d8596fb84703b1ccb03f5a02853dd

    Download Submit