Overview
Score: 10/10

Static
Score: 10/10

Behavioral tasks (score out of 10 per sample and environment)
Bird.exe                windows7-x64        10
Bird.exe                windows10-2004-x64  10
CSGO FREE HACK.exe      windows7-x64        10
CSGO FREE HACK.exe      windows10-2004-x64  10
CSGO FREEHACK.exe       windows7-x64        3
CSGO FREEHACK.exe       windows10-2004-x64  3
CSGhost-v4.1.exe        windows7-x64        8
CSGhost-v4.1.exe        windows10-2004-x64  10
Install.exe             windows7-x64        10
Install.exe             windows10-2004-x64  10
Installer.exe           windows7-x64        10
Installer.exe           windows10-2004-x64  10
Installer2.exe          windows7-x64        10
Installer2.exe          windows10-2004-x64  10
Kiddions Mod MENU.exe   windows7-x64        7
Kiddions Mod MENU.exe   windows10-2004-x64  7
Minecraft_v4.5.exe      windows7-x64        10
Minecraft_v4.5.exe      windows10-2004-x64  10
Vape Crack.exe          windows7-x64        10
Vape Crack.exe          windows10-2004-x64  10
Vape Patch.exe          windows7-x64        10
Vape Patch.exe          windows10-2004-x64  10
Vape_V4.exe             windows7-x64        10
Vape_V4.exe             windows10-2004-x64  10
launcher.exe            windows7-x64        10
launcher.exe            windows10-2004-x64  10
nixware crack.exe       windows7-x64        3
nixware crack.exe       windows10-2004-x64  3

General
Target: d42bb7f95b50972680b8a5f2f68ab5bee5450fc45cf15612d45cc00b1b65f0c2
Size: 24.1MB
Sample: 241109-ty4zcaxgrc
MD5: c2fe184c336168526031e4e2e89c0f7e
SHA1: 15f50deb50b394945f471132b9ecc8d6c0799ed9
SHA256: d42bb7f95b50972680b8a5f2f68ab5bee5450fc45cf15612d45cc00b1b65f0c2
SHA512: 58ece1ef706a26913bd7577f504c3681f20e07dd4dbe8aec2dafd924bbfaf8defd591b282bb124d38f6bae0270eb7a7eadf357ae34a4c7af3801974d482657d6
SSDEEP: 393216:BlzEKd9Eji3xnlwJIEMkSS3eqUNW/R0iTO0sagWe6CnPI7t0ePvSxG4zwuqOLBy+:zsEnGJIUOqyWPh1uJAvPvEGqwhSyFTs

Behavioral tasks
behavioral1   Bird.exe               win7-20241023-en
behavioral2   Bird.exe               win10v2004-20241007-en
behavioral3   CSGO FREE HACK.exe     win7-20240903-en
behavioral4   CSGO FREE HACK.exe     win10v2004-20241007-en
behavioral5   CSGO FREEHACK.exe      win7-20240903-en
behavioral6   CSGO FREEHACK.exe      win10v2004-20241007-en
behavioral7   CSGhost-v4.1.exe       win7-20240729-en
behavioral8   CSGhost-v4.1.exe       win10v2004-20241007-en
behavioral9   Install.exe            win7-20240903-en
behavioral10  Install.exe            win10v2004-20241007-en
behavioral11  Installer.exe          win7-20241010-en
behavioral12  Installer.exe          win10v2004-20241007-en
behavioral13  Installer2.exe         win7-20240903-en
behavioral14  Installer2.exe         win10v2004-20241007-en
behavioral15  Kiddions Mod MENU.exe  win7-20240903-en
behavioral16  Kiddions Mod MENU.exe  win10v2004-20241007-en
behavioral17  Minecraft_v4.5.exe     win7-20240903-en
behavioral18  Minecraft_v4.5.exe     win10v2004-20241007-en
behavioral19  Vape Crack.exe         win7-20240903-en
behavioral20  Vape Crack.exe         win10v2004-20241007-en
behavioral21  Vape Patch.exe         win7-20240903-en
behavioral22  Vape Patch.exe         win10v2004-20241007-en
behavioral23  Vape_V4.exe            win7-20240903-en
behavioral24  Vape_V4.exe            win10v2004-20241007-en
behavioral25  launcher.exe           win7-20241010-en
behavioral26  launcher.exe           win10v2004-20241007-en
behavioral27  nixware crack.exe      win7-20240903-en
behavioral28  nixware crack.exe      win10v2004-20241007-en

Malware Config (extracted)
Family            Name          Endpoint
mercurialgrabber  -             https://discord.com/api/webhooks/874444160558563388/1Z__Ltngb8adeGgWdMA39QkqE4wgMqoVQlGLFgGOjNTN4MGcToQd9sV4w8rlBaE7sqmx
redline           asap          45.14.49.109:54819
redline           rich          95.217.248.44:11695
redline           Ninja0812     185.92.73.140:80
redline           boss9         109.248.201.150:63757
redline           @bestiefFcs   37.1.213.214:63028
redline           @krxstkrxst   jonaianell.xyz:80
redline           @killyxu      3.68.106.170:59223
redline           @Navi_Gator   136.244.80.139:40533

Targets

Target: Bird.exe
Size: 1.9MB
MD5: 2ef0cc6f0f8aa2534e103b829e270e1d
SHA1: c146681a98d585012791c2e9504caacba25becc9
SHA256: 822c95f975773e71f49d3ed2c9afa87d6d27d245c7f5a4a9439278e27ee0ae64
SHA512: 56efa1b2e849ad5d836034a3f7992edec6e24914a80a8a1a03b29953082a0e898bace35705a76ce6660188c3954370c0c63d105c3c51f03441aadb94d590ee4a
SSDEEP: 49152:UehSFpgl8ZovDXNVBECKYLNDMBp6/FMe/MoNgd:Ue4FpglOo5KMDMBp6/FB/+
Detections:
- SectopRAT payload
- Sectoprat family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: CSGO FREE HACK.exe
Size: 587KB
MD5: 19ccde66d64539ba78e681bbd037b88f
SHA1: e67a1f8f13caad85c34894124ad588ab6a5452a8
SHA256: 26380f65701264b2ad7c6e7731d1cac383319cb9ba64b921c9ecb27970089fb1
SHA512: e96247652abf3974eb3ad9b1b68078c4b1ca1d715ca31a62939deca1019f2115d9c86f85c1e19bd909b09335c53621052a10e206d25585974dfd5195df017fff
SSDEEP: 12288:TkoWRkGj5eA1Go7lVNkfq08KTZPqSA5HsVVbO/F9uDDm/:LYku13lw
Detections:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Suspicious use of SetThreadContext

Target: CSGO FREEHACK.exe
Size: 1.6MB
MD5: 378b5331c2d94bb7907bc70b8f97cbec
SHA1: 1944ae8a089f20be5ae512e40a5deb4c3a6ad5b1
SHA256: ff0d60cdc768a7f3262304b27f22a9baebc8348b21cac75b85e9d59a845e5b93
SHA512: 3a3d6fdc6d6c4a856661eff4740bb00ea209d8a62edb6e77fc3e3e64639fbdc2184be58169d9f526a8b8563882585cef614a87b49f772b283e07f4e59b5a1966
SSDEEP: 12288:cF2hrazesEAFkphsR1GdSzE2Jlr6k0BKY4sxJ6Bwo3jRL:gEAFJ1CR6zRL
Score: 3/10

Target: CSGhost-v4.1.exe
Size: 158KB
MD5: 2dd7cacaab277d37dace276fc3c98f32
SHA1: 7227f97f9539a7620ef4ff6687394bce9220d972
SHA256: 2340f7976585cd113520b33eb51c6b57e37c6bad2fba29a48b8c7e8e784a2491
SHA512: df73194f1adeff94942ff01e4161a836b642d02a5da564a0b8388936b1a1c7e0018779e49cfef38e8523c032d31bf34dc0fce7fad3185a57d5a20a616eb46520
SSDEEP: 3072:mSKJbzx0eTzNRvcF9mOQEUzJw4xE+vn84Tt4dVmfyu5ytLNoH:pWztTz709mVEUzvydVk5ytLN
Detections:
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext

Target: Install.exe
Size: 317KB
MD5: cf31bb1b26f00448ed2f1359d403fa59
SHA1: 22ab9cc3bdce1e177f5fac0e745229dacde1d07a
SHA256: 1d322ad6c295b0ee8a552e96ac231c4d9259141c9ed22f7319c7f169eaecee71
SHA512: 05541d9938c80c860e18cd29e3b708000fb90a89f217a1cf0faf2ced29c26dfb6dd395d12178e34f72ab386991f21cba71f8659fd99a649c81b4bf65ae86d998
SSDEEP: 6144:QJ5m8CQqj8bx5yoZQPg7nju+dEd7DhTd+IJN00nm7knGyHM:QJ5s8VkoZmg7fdEd7VhxZmI
Detections:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family

Target: Installer.exe
Size: 1.1MB
MD5: 2d50222f6b702083c73d10e94eaaef9f
SHA1: dcce81eecbb46ef3963c8b4ad30f2ec3b14d2056
SHA256: 80752bd3e74c165e9c88fee2b806b67641f6cdae222d4ef9f5bc433f8501e767
SHA512: 10482897831ef7cf9ffc117e41e876c212f26c2f6cc4a8e089ee3990f64dde296d4d3c5fa5bcdab9c4f01ce71a4f864d43876c6f23f5fd2f64f97e66a50dcdfa
SSDEEP: 24576:rRzS4127aD0WEjwizMRjgynPEeyTYQ/MuRJNObPztSC:I412GD0WEkihNYQZBObn
Detections:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Suspicious use of SetThreadContext

Target: Installer2.exe
Size: 448KB
MD5: e913219e5f91222d184ecc758088ef02
SHA1: e3e9a88a115f3661d55655a096b013f192b93a05
SHA256: 9dc934f7f22e493a1c1d97107edc85ccce4e1be155b2cc038be8d9a57b2e430f
SHA512: 879406edaaf7b4956c535c93d067f485e660309ffa7d9a40b1de4eac0fe6e59c0497f93960c5b280df29c91bc6e232c2b0311f6582aabb5b264c43b1dea3505b
SSDEEP: 12288:OdQGx+KnXxFfjAQaKXGBmpO7AJ7Lgm9j7:OdvPjfav0pNJLgm9j7
Detections:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Suspicious use of SetThreadContext

Target: Kiddions Mod MENU.exe
Size: 142KB
MD5: 0bc5ae5e0021fccd9bff9f64f686f043
SHA1: 06e779dae148031e6294ecf0cc5e135da09811b4
SHA256: e0aca3b1e2806672143d256e87812294fe04f1ea95625979e3b9d64b951449db
SHA512: ac306d51feaddbc4f733963314b48aeb50a1a707bea90d3347dcf832d59ae96da6775e73760d6899066cdbcb11370ad26e5b901447fd8be2133fbbe6143b6414
SSDEEP: 3072:FvcjAFss11pSyRNKB2c3XEECZOX0ByrzwZ+Tlttu6OcTy+Dp1jWT39Y7umZZWDpT:Fvt11pxIuZOX0ByrzwZ+Zv9WqumZZ1Pb

Target: Minecraft_v4.5.exe
Size: 1.3MB
MD5: 95692ea1f96acdc98fe565323e8a85e3
SHA1: f51b89233440a81d86295074fbfb3d2958d49325
SHA256: df3731e797b1f9dc07e772747e9fb1a2ca62ca7c8823f3df96eb8c20f6ee0912
SHA512: 1699d38a87b219b8c33c8ad6a77f2122e71b97d587d8f76b1657e8db76c606fae5d8a38bacd7d61fee3c5a889c6059a82f6cbe6a08c2d1db3773b7d843b4026a
SSDEEP: 12288:e8PUAoMZQaktUC04YqZrkPrkxChx4S95dmWT:eW/x6o4fZgPrkxChx4I5dvT
Detections:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Suspicious use of SetThreadContext

Target: Vape Crack.exe
Size: 356KB
MD5: 179dbbdb6e22f978115168d87a70ab33
SHA1: 324a73e17fdcada034d3ad841286f9d6b5873fcb
SHA256: 258445b5c086f67d1157c2998968bad83a64ca3bab88bfd9d73654819bb46463
SHA512: 237a58b819f086f9ed2215e99d7b13ed027d252e47a3ba17deb5b28e3db27f853f2d2d75bdbfb3b875dec8dc0fa4fb059e3be6e41dc3b47b2020c2298a6b0358
SSDEEP: 6144:zo9QlVmhcIS/rwO+l7qYspB2NnYXmJ8tuy2a9W17fyF45pDBKoydJ:zdxrwHRqxQNYXO8tt2aw1DyWPDO
Detections:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- System Binary Proxy Execution: Regsvcs/Regasm: Abuses Regasm to proxy execution of malicious code.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: Vape Patch.exe
Size: 1.3MB
MD5: 8454f382107d764cc0ba8c1df3b7d7b5
SHA1: 797833088a010068fdc0a9b8becdd14f3166f7b8
SHA256: 7a5e1184dafbeff212207211036f9014ae1d16b34b8118be275144e40de13bb7
SHA512: b382346d2a0b9c77808d0763d0ceff2e1c94b2ea937c3025c721fe528bc64450b1f37c486ed25dd666fe98671784de16535bbeecf8418f58fcfa630c25c000f6
SSDEEP: 12288:NhsR1GdSzE2JlHb+Z8+EPu+p+/YrQwo54:O1CZ
Detections:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Suspicious use of SetThreadContext

Target: Vape_V4.exe
Size: 42KB
MD5: 66d4d4a5ffc881a66788b56b7f91377e
SHA1: 549564df32fbca9768b0fd23719f186182c628fe
SHA256: 4a1ca570b3bd7efe98b5cd8a5532dd68f99364907346f90170bcfdffe00a1703
SHA512: 623d0279f39e8ea648beec57bbb5ea86466b0430db90248c477293addbd0d06e07e879c1f2b1276702e853da4e984046f848c28a4c56a38dab26e1b6ecb22766
SSDEEP: 384:hLcfjaRCmI42zbh4zthWN/XTNTW8s/XZxIh/PoJEFq5nmHmTAs8KQsLd/SfgUfAk:KRhQGN/jNxuZhLqmTj8KZKfgm3Eha7
Score: 10/10
Detections:
- Mercurial Grabber Stealer: Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.
- Mercurialgrabber family
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.

Target: launcher.exe
Size: 378KB
MD5: 36aeb708e396c2627e52d8c50d8ea287
SHA1: e1bd5ab1cb291915db4e3d03b0e88b4dc737f53a
SHA256: b35f6e33f997d11867056950aae71610d3bbef64eb443db3aed8a49cc850e226
SHA512: 1ad276b880dd136f4364ccf0361d8ef3c790a6f178c39f1fd0c365b93f789595c7060f90020b7b4f0592a3c0f64444b194c83fc7652ffbad3afa5f14b8574a6d
SSDEEP: 6144:OthUfR1Gfk0EAspZJVN9htIBVnUxFMO8F/vZmMYGhwPgL9x4mN:OthsR1Gfk0EAsZVN9htIBVnUxFMO8F/f
Detections:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Suspicious use of SetThreadContext

Target: nixware crack.exe
Size: 19.6MB
MD5: bddd6ad4c8b66a3f551fdc47d6e12c53
SHA1: e8b4a0e7918eb4641ce971df0020bf318b5f6788
SHA256: 105897c4dd3369b8c8ae8956ef2e8d945c33e7172022d81e0791546d9c17b21f
SHA512: 79f791d0b510a1627669072060a2c99f25402a40ce5eef404a0e8c31aa06f9656f2104c83003618272a9eddab800987e6d0dfadaba34010f066181bdcb9a264a
SSDEEP: 393216:Vyyv/JNbIZNv1bLTMZN5GTRWTjzMPpDcFBxxkhwgA1LivT2ts+oKs6yCZZh:VLTcB1QZiTATjwZNuLivT2ts+oRCjh
Score: 3/10

MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)
- System Binary Proxy Execution (1)
  - Regsvcs/Regasm (1)
- Virtualization/Sandbox Evasion (3)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)