Overview
Score 10/10
Static
Score 10/10
Task scores (sample, platform, score)
RRN V2/RRN V2.exe, windows7-x64: Score 7/10
RRN V2/RRN V2.exe, windows10-2004-x64: Score 7/10
RRN V2/_in...40.dll, windows7-x64: Score 1/10
RRN V2/_in...40.dll, windows10-2004-x64: Score 1/10
RRN V2/_in..._1.dll, windows7-x64: Score 1/10
RRN V2/_in..._1.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...io.dll, windows7-x64: Score 1/10
RRN V2/_in...io.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...64.dll, windows7-x64: Score 1/10
RRN V2/_in...64.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...z2.dll, windows7-x64: Score 1/10
RRN V2/_in...z2.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...64.dll, windows7-x64: Score 1/10
RRN V2/_in...64.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...es.dll, windows7-x64: Score 1/10
RRN V2/_in...es.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...al.dll, windows7-x64: Score 1/10
RRN V2/_in...al.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...ib.dll, windows7-x64: Score 1/10
RRN V2/_in...ib.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...ma.dll, windows7-x64: Score 1/10
RRN V2/_in...ma.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...ng.dll, windows7-x64: Score 1/10
RRN V2/_in...ng.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...ed.dll, windows7-x64: Score 1/10
RRN V2/_in...ed.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...ue.dll, windows7-x64: Score 1/10
RRN V2/_in...ue.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...sl.dll, windows7-x64: Score 1/10
RRN V2/_in...sl.dll, windows10-2004-x64: Score 1/10
RRN V2/_in...to.vbs, windows7-x64: Score 1/10
RRN V2/_in...to.vbs, windows10-2004-x64: Score 1/10
General
-
Target
RRN V2.zip
-
Size
32.4MB
-
Sample
241016-at25eayaqr
Behavioral task
behavioral1
Sample
RRN V2/RRN V2.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
RRN V2/RRN V2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
RRN V2/_internal/VCRUNTIME140.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
RRN V2/_internal/VCRUNTIME140.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
RRN V2/_internal/VCRUNTIME140_1.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
RRN V2/_internal/VCRUNTIME140_1.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
RRN V2/_internal/_asyncio.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
RRN V2/_internal/_asyncio.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
RRN V2/_internal/_brotli.cp312-win_amd64.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
RRN V2/_internal/_brotli.cp312-win_amd64.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
RRN V2/_internal/_bz2.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
RRN V2/_internal/_bz2.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
RRN V2/_internal/_cffi_backend.cp312-win_amd64.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
RRN V2/_internal/_cffi_backend.cp312-win_amd64.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
RRN V2/_internal/_ctypes.dll
Resource
win7-20240729-en
Behavioral task
behavioral16
Sample
RRN V2/_internal/_ctypes.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
RRN V2/_internal/_decimal.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
RRN V2/_internal/_decimal.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
RRN V2/_internal/_hashlib.dll
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
RRN V2/_internal/_hashlib.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
RRN V2/_internal/_lzma.dll
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
RRN V2/_internal/_lzma.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
RRN V2/_internal/_multiprocessing.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
RRN V2/_internal/_multiprocessing.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
RRN V2/_internal/_overlapped.dll
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
RRN V2/_internal/_overlapped.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
RRN V2/_internal/_queue.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
RRN V2/_internal/_queue.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
RRN V2/_internal/_ssl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
RRN V2/_internal/_ssl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
RRN V2/_internal/_tcl_data/auto.vbs
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
RRN V2/_internal/_tcl_data/auto.vbs
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
RRN V2/RRN V2.exe
-
Size
19.0MB
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
RRN V2/_internal/VCRUNTIME140.dll
-
Size
116KB
Score 1/10
-
-
Target
RRN V2/_internal/VCRUNTIME140_1.dll
-
Size
48KB
Score 1/10
-
-
Target
RRN V2/_internal/_asyncio.pyd
-
Size
69KB
Score 1/10
-
-
Target
RRN V2/_internal/_brotli.cp312-win_amd64.pyd
-
Size
802KB
Score 1/10
-
-
Target
RRN V2/_internal/_bz2.pyd
-
Size
83KB
Score 1/10
-
-
Target
RRN V2/_internal/_cffi_backend.cp312-win_amd64.pyd
-
Size
178KB
Score 1/10
-
-
Target
RRN V2/_internal/_ctypes.pyd
-
Size
122KB
Score 1/10
-
-
Target
RRN V2/_internal/_decimal.pyd
-
Size
251KB
Score 1/10
-
-
Target
RRN V2/_internal/_hashlib.pyd
-
Size
64KB
Score 1/10
-
-
Target
RRN V2/_internal/_lzma.pyd
-
Size
156KB
Score 1/10
-
-
Target
RRN V2/_internal/_multiprocessing.pyd
-
Size
34KB
Score 1/10
-
-
Target
RRN V2/_internal/_overlapped.pyd
-
Size
54KB
Score 1/10
-
-
Target
RRN V2/_internal/_queue.pyd
-
Size
31KB
Score 1/10
-
-
Target
RRN V2/_internal/_ssl.pyd
-
Size
174KB
Score 1/10
-
-
Target
RRN V2/_internal/_tcl_data/auto.tcl
-
Size
21KB
Score 1/10
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1)
    Netsh Helper DLL (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)