Overview
overview
10Static
static
70hS8ndFapM...Jf.exe
windows7-x64
100hS8ndFapM...Jf.exe
windows10-2004-x64
100rr48RlGuy...xg.exe
windows7-x64
80rr48RlGuy...xg.exe
windows10-2004-x64
821oenuW1qn...e5.exe
windows7-x64
1021oenuW1qn...e5.exe
windows10-2004-x64
1025jZMPTiQq...9r.exe
windows7-x64
1025jZMPTiQq...9r.exe
windows10-2004-x64
1028NEs4WOAb...Dx.exe
windows7-x64
928NEs4WOAb...Dx.exe
windows10-2004-x64
92DWwzYoIDs...wH.exe
windows7-x64
102DWwzYoIDs...wH.exe
windows10-2004-x64
104sqg3EO3n4...E3.exe
windows7-x64
104sqg3EO3n4...E3.exe
windows10-2004-x64
106IvhC9RrHt...Qm.exe
windows7-x64
106IvhC9RrHt...Qm.exe
windows10-2004-x64
106K69WRpYoP...wA.exe
windows7-x64
36K69WRpYoP...wA.exe
windows10-2004-x64
76RVcR1WSzn...fp.exe
windows7-x64
36RVcR1WSzn...fp.exe
windows10-2004-x64
77UwyHmKx00...KA.exe
windows7-x64
97UwyHmKx00...KA.exe
windows10-2004-x64
988wncypnTK...tt.exe
windows7-x64
88wncypnTK...tt.exe
windows10-2004-x64
18Jw_RggGj5...71.exe
windows7-x64
78Jw_RggGj5...71.exe
windows10-2004-x64
7A04WVFPeCH...H9.exe
windows7-x64
10A04WVFPeCH...H9.exe
windows10-2004-x64
10A5ulgq_bFX...0Z.exe
windows7-x64
10A5ulgq_bFX...0Z.exe
windows10-2004-x64
10AU3ie6Mv1v...zZ.exe
windows7-x64
10AU3ie6Mv1v...zZ.exe
windows10-2004-x64
10General
-
Target
dbdb54d5a90130e3370590c7e07b2e3146f8578305554ba3ed11aab579a3dd3f
-
Size
42.9MB
-
Sample
241110-n8gnxawjgs
-
MD5
9bd323b096b17d8a95acab77d3c2ea60
-
SHA1
773114b5a64bc79b51b15a38a8040c660126e782
-
SHA256
dbdb54d5a90130e3370590c7e07b2e3146f8578305554ba3ed11aab579a3dd3f
-
SHA512
fac8a4fb4240924a4c3b39e99cb8af62ada57aeb81acf4de8466de6c16fd11a058972fb7b6d204c850aef1612e2a18835c0d9f871a8f3bf0fac044580052f367
-
SSDEEP
786432:v59nC1y5oIQtk1IAUOjs62CK4hXdpI4roOiL210PW/+5OSV59nC1y5GK4hXdpNSB:vbC1GzFRsQK4NGInSVbC1GGK4NNox
Behavioral task
behavioral1
Sample
0hS8ndFapMyi9bpBTCoeqfJf.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
0hS8ndFapMyi9bpBTCoeqfJf.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
0rr48RlGuyf8MbsABD4Fd5xg.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
0rr48RlGuyf8MbsABD4Fd5xg.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
21oenuW1qnqk7qUsHH7Z2We5.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
21oenuW1qnqk7qUsHH7Z2We5.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
25jZMPTiQqNIVH0Cs2hi6z9r.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
25jZMPTiQqNIVH0Cs2hi6z9r.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
28NEs4WOAbFCrw46bjrvW6Dx.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
28NEs4WOAbFCrw46bjrvW6Dx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
2DWwzYoIDsZeXAHrWMUgq7wH.exe
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
2DWwzYoIDsZeXAHrWMUgq7wH.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
4sqg3EO3n4bilXTOwELzdyE3.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
4sqg3EO3n4bilXTOwELzdyE3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
6IvhC9RrHtvRf0BCVttVUFQm.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
6IvhC9RrHtvRf0BCVttVUFQm.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
6K69WRpYoPgt3vIoWRXmpAwA.exe
Resource
win7-20241010-en
Behavioral task
behavioral18
Sample
6K69WRpYoPgt3vIoWRXmpAwA.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
6RVcR1WSznUXUS8RtLypZMfp.exe
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
6RVcR1WSznUXUS8RtLypZMfp.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
7UwyHmKx00aB7vI0W6MvnkKA.exe
Resource
win7-20240729-en
Behavioral task
behavioral22
Sample
7UwyHmKx00aB7vI0W6MvnkKA.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
88wncypnTKvKj7Uwab0iiutt.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
88wncypnTKvKj7Uwab0iiutt.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
8Jw_RggGj5lBX2auQAnIQe71.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
8Jw_RggGj5lBX2auQAnIQe71.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
A04WVFPeCHaejSnQmBHCogH9.exe
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
A04WVFPeCHaejSnQmBHCogH9.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
A5ulgq_bFXMyWAYNZZbTBZ0Z.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
A5ulgq_bFXMyWAYNZZbTBZ0Z.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
AU3ie6Mv1vmus72LuhNF2jzZ.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
AU3ie6Mv1vmus72LuhNF2jzZ.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
205.185.119.191:18846
Extracted
redline
build2
91.142.77.189:61524
Extracted
redline
23.08
95.181.172.100:55640
Extracted
danabot
4
23.229.29.48:443
5.9.224.204:443
192.210.222.81:443
-
embedded_hash
0E1A7A1479C37094441FA911262B322A
-
type
loader
Extracted
smokeloader
pub1
Extracted
ffdroider
http://152.32.151.93
Targets
-
-
Target
0hS8ndFapMyi9bpBTCoeqfJf.exe
-
Size
359KB
-
MD5
73ca4c10afa6a3f712facb40aa8254ae
-
SHA1
ad824606d6c465a46296b736e8fa116bb67309a3
-
SHA256
d8f723849493f85b6bd44cf8b94261f30ff26fa3080d5e53b537a5eacfdd873d
-
SHA512
9c71e25022b678025a0465c8b5e92f99f2a957c4c3601b6e1617c48e19881e36da94c3ac87d6b05a6116088137be69fc67e61cbd8eac9dc8da26bbde571de907
-
SSDEEP
6144:W5cg4yf/CHeM7JSjrkIKN3xyGUyOxDIjl+WMIzgjnHwpR3G8WhQg1CM1SzQf+:Tgffa+Mt1zhUBxDi4WQHxJQwZg/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
SectopRAT payload
-
Sectoprat family
-
-
-
Target
0rr48RlGuyf8MbsABD4Fd5xg.exe
-
Size
1.1MB
-
MD5
3b4348d187f24c82370836531f3fa94e
-
SHA1
a2ca4e9f4a8d9c8634e42765e90e252803e20b15
-
SHA256
cd189a8c952420bf33b68cce03b41900e8c784b1010213b097ecdb2d7e8079f7
-
SHA512
2bab3c1e38a21cefc06363db75931bf3bfe0b4ee3f089293a750dfc866abc32c7135d2d9ba7ccb005aa01ad02d0a75a5fa02f85ca78cc8fe637615b7fa9e7394
-
SSDEEP
24576:eDTLDJqGd+zowht2zmctw1CdvHh82JdjGY6LvxwAgRp54+/jrNtIf:qzdkBTce1CxHh8mlGY6LJBu54MjJaf
Score8/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
21oenuW1qnqk7qUsHH7Z2We5.exe
-
Size
273KB
-
MD5
ac7f28f999ef6657abc24673642b518a
-
SHA1
37c701301ba28e8329f7c990a790320d021331a0
-
SHA256
46d153d7d517ea834af83364c01388f5c4af458c359625244aa7bac158e8bff2
-
SHA512
d45fe4a99c81d2221ebb4b537a23ac2a64e05defb8c789eb8a716af30685d2ca5963e8caeadcaec74e5ea588311ea59509077f14870193408114b261e7b97370
-
SSDEEP
6144:38Gjn4iGmFj3lToLMjHxWs0YMaGahpgxSDj4SmsLdnAJ:jnfGmRVTL74mpgSDkudnA
Score10/10-
Smokeloader family
-
-
-
Target
25jZMPTiQqNIVH0Cs2hi6z9r.exe
-
Size
1.7MB
-
MD5
6753c0fadc839415e31b170b5df98fc7
-
SHA1
7adbd92546bc0516013c0f6832ea272cf0606c60
-
SHA256
01550ee84ac5a220197177182fd2f3f9c9e845b416d06a384384e3cd62ecb569
-
SHA512
92c0264046f1293b02ccccbb3cb5b80510d2d3a1d1caff23815adb4c715d0aced08e57682c6dcb76fdca70eb46bc819db2a763f050f74de27fbb3946dca504ab
-
SSDEEP
49152:pAI+r+g7ELp4UtaupKvwS9IBfgUtckcL1YsNP:pAI+CvK88wScgUAL1Ys5
-
Detect Fabookie payload
-
FFDroider payload
-
Fabookie family
-
Ffdroider family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
28NEs4WOAbFCrw46bjrvW6Dx.exe
-
Size
2.5MB
-
MD5
f4f313d1f82fa87e710bd947a3667384
-
SHA1
6ac08dd818b3dac502041508399f8c6392668521
-
SHA256
492f4d8cae0b2cd6105f089b368d322bf6e388a803890f5196d5ccc4ac85bb04
-
SHA512
97e4af0f46fa9e9b3d5a916af3a50bb6c9ba4df8fd5d63c63764f2a421f0eb04b4d48df2293152dcbe6184ffeb8adb9552d250aaab0e2f95ffdea443a853b59a
-
SSDEEP
49152:zKQVnnBfPya5I4GMsUvwYcD9mKDGYNUe5hBlg1RIpxfFF:vtBXPTG74wYtiGY73xj
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
2DWwzYoIDsZeXAHrWMUgq7wH.exe
-
Size
589KB
-
MD5
34c76bcc1506b513c7a1ac605c045c4e
-
SHA1
271c6b3853e33e039242da7cf8f4465c48e90d2e
-
SHA256
1e7f2339065e8a6909eea27f090499a1af6427d1563ceac0cd25c916c637d29d
-
SHA512
cb2170b5fa492dcb7df54cfd7f4ad94214de98face0f1710cbad749c79bf322ea1106ace723520486bdeabdf0aa2eefbf70dcc060d61fcda1124298225c36865
-
SSDEEP
12288:fhdKHkwkYGXXRJRC7ijHRAWteLwnHdYnXQ6mr4ZFrUD:fzKYQv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
SectopRAT payload
-
Sectoprat family
-
Suspicious use of SetThreadContext
-
-
-
Target
4sqg3EO3n4bilXTOwELzdyE3.exe
-
Size
359KB
-
MD5
73ca4c10afa6a3f712facb40aa8254ae
-
SHA1
ad824606d6c465a46296b736e8fa116bb67309a3
-
SHA256
d8f723849493f85b6bd44cf8b94261f30ff26fa3080d5e53b537a5eacfdd873d
-
SHA512
9c71e25022b678025a0465c8b5e92f99f2a957c4c3601b6e1617c48e19881e36da94c3ac87d6b05a6116088137be69fc67e61cbd8eac9dc8da26bbde571de907
-
SSDEEP
6144:W5cg4yf/CHeM7JSjrkIKN3xyGUyOxDIjl+WMIzgjnHwpR3G8WhQg1CM1SzQf+:Tgffa+Mt1zhUBxDi4WQHxJQwZg/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
SectopRAT payload
-
Sectoprat family
-
-
-
Target
6IvhC9RrHtvRf0BCVttVUFQm.exe
-
Size
1.1MB
-
MD5
2b0e445c62830c383077959a8f07289e
-
SHA1
40c24d7e6dc8fcb68b00b0e8c21a2dc0aed0e34b
-
SHA256
9a9903020d8134184e850dd7069d26734ca07cb0dd87bbde15919587ced1d3a1
-
SHA512
6a20481b88c9f124b2fb8f620e2e6adcc53116f8d2829c5cf915fbfcba4ce0b45e053ebd547918b7a7c95615508f1dcf89f274b3430ea3d0b6de995edb9c644c
-
SSDEEP
24576:OF+drpnEdh3f7/zqT3bdDtm3I00oigJf34hbHnSPmfqXRJ:OkWd1/mbdg32SJ0bo
-
Danabot Loader Component
-
Danabot family
-
Blocklisted process makes network request
-
Loads dropped DLL
-
-
-
Target
6K69WRpYoPgt3vIoWRXmpAwA.exe
-
Size
90KB
-
MD5
ff2d2b1250ae2706f6550893e12a25f8
-
SHA1
5819d925377d38d921f6952add575a6ca19f213b
-
SHA256
ca46080e121408d9624322e505dc2178ba99e15871c90e101b54e42ea7b54a96
-
SHA512
c66544678f3dd49aa1a23cd459a556d923ba44c5d88334a165ea7bd16e4561955536546627b7e83bf1e759428c04b6312e08fdc8c2f6fab69cd29f3b62ce3d23
-
SSDEEP
1536:lWvNrof2xIZ2ToPCt6VkPRYLUbrjhd3d7t20WYwuIJLO+s8jcdd1vzGHY:lWufhgTeCt0uREWrdhdY0W5uIVO77vKH
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
6RVcR1WSznUXUS8RtLypZMfp.exe
-
Size
90KB
-
MD5
ff2d2b1250ae2706f6550893e12a25f8
-
SHA1
5819d925377d38d921f6952add575a6ca19f213b
-
SHA256
ca46080e121408d9624322e505dc2178ba99e15871c90e101b54e42ea7b54a96
-
SHA512
c66544678f3dd49aa1a23cd459a556d923ba44c5d88334a165ea7bd16e4561955536546627b7e83bf1e759428c04b6312e08fdc8c2f6fab69cd29f3b62ce3d23
-
SSDEEP
1536:lWvNrof2xIZ2ToPCt6VkPRYLUbrjhd3d7t20WYwuIJLO+s8jcdd1vzGHY:lWufhgTeCt0uREWrdhdY0W5uIVO77vKH
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
7UwyHmKx00aB7vI0W6MvnkKA.exe
-
Size
2.4MB
-
MD5
b15db436045c3f484296acc6cff34a86
-
SHA1
346ae322b55e14611f10a64f336aaa9ff6fed68c
-
SHA256
dab2a18df66f2e74d0831a8b118de6b9df2642ac939cbad0552e30696d644193
-
SHA512
804bee37e0a6247ef2edb5dba8d4b6820ff10b0a4cb76e4c039a7242285836ed5255a1f297f8ba96168d9295558844a9fd7ec3a977207f339296a001543c1fd9
-
SSDEEP
49152:/JhGe/xVHII4W2qFRCsh7BQ0vLYtA2uORNJet/ylyPj792:/Jcevr2mLS0cT/Mj792
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
88wncypnTKvKj7Uwab0iiutt.exe
-
Size
900KB
-
MD5
7714deedb24c3dcfa81dc660dd383492
-
SHA1
56fae3ab1186009430e175c73b914c77ed714cc0
-
SHA256
435badbad2fc138245a4771a74ebb9075658e294d1bcfcf191ccea466eea825c
-
SHA512
2cf05ac9470ab4e6d487ec9e4d7ab36fb2c8ce1405dba01b58934778829c7c4db703818087e0c5fbffe6cf821dfa190427e1205530409359ace2ad416e781c58
-
SSDEEP
12288:jx1vJUpzeLkTqhqeEmC7QOZGafeei7fqiHf:H2zIkTgqeEVQO5fess
Score1/10 -
-
-
Target
8Jw_RggGj5lBX2auQAnIQe71.exe
-
Size
381KB
-
MD5
58f5dca577a49a38ea439b3dc7b5f8d6
-
SHA1
175dc7a597935b1afeb8705bd3d7a556649b06cf
-
SHA256
857dd46102aea53f0cb7934b96410ebbc3e7988d38dcafdc8c0988f436533b98
-
SHA512
3c75c0cbbbc14bd25b4feb141fd1595ce02469da50432fb48400eb089d6150fe87831ccc775d921eeec697af7aad33a35fadcfd2ec775aeee1ce34355af7338a
-
SSDEEP
6144:x/QiQXCfoL8+Ee0CYDTAsdRa1OGBfj/WUplm6zIOYQNd28pTXdAmpCLVRZoglM7f:pQi3foL8+iDNdRa1lL//plmW9bTXeVh8
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
A04WVFPeCHaejSnQmBHCogH9.exe
-
Size
264KB
-
MD5
c7ccbd62c259a382501ff67408594011
-
SHA1
c1dca912e6c63e3730f261a3b4ba86dec0acd5f3
-
SHA256
8cfa7e9bc6cbd458cec18a25e6f763a3776802490e6b3d451d864c4dba50c437
-
SHA512
5f5958363820795f96fff6ad71bc1b59ec01a6a24876c5d22d48efaa49bc55373fca1f8e927c23547cdb494ba46b6d3871f377e607c97d9f10d4e0636ac7ef2b
-
SSDEEP
3072:A/vFzYP505Wn7l8V2Rcoh17j89ta9AdHA8HB756aTRg2BNQkRr7fIKT0yB3X:izi7+0RXZ0I987wuRgKj7n
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
SectopRAT payload
-
Sectoprat family
-
-
-
Target
A5ulgq_bFXMyWAYNZZbTBZ0Z.exe
-
Size
1.1MB
-
MD5
2b0e445c62830c383077959a8f07289e
-
SHA1
40c24d7e6dc8fcb68b00b0e8c21a2dc0aed0e34b
-
SHA256
9a9903020d8134184e850dd7069d26734ca07cb0dd87bbde15919587ced1d3a1
-
SHA512
6a20481b88c9f124b2fb8f620e2e6adcc53116f8d2829c5cf915fbfcba4ce0b45e053ebd547918b7a7c95615508f1dcf89f274b3430ea3d0b6de995edb9c644c
-
SSDEEP
24576:OF+drpnEdh3f7/zqT3bdDtm3I00oigJf34hbHnSPmfqXRJ:OkWd1/mbdg32SJ0bo
-
Danabot Loader Component
-
Danabot family
-
Blocklisted process makes network request
-
Loads dropped DLL
-
-
-
Target
AU3ie6Mv1vmus72LuhNF2jzZ.exe
-
Size
272KB
-
MD5
2384683b867fb23fe19827051656ff92
-
SHA1
9233c546a58426267f40c7e0071bb67a148404a2
-
SHA256
7c7698b0b225ba593441808a52e4d8607f2d1b1c650d5cfc6e6a06094bd218ec
-
SHA512
a51bdd08fd9aa814fe8c5f06f5183c6a08822532f54ecd1aa25d0a1465baaedf143feaa76aab837f9ee0cf26ddcfd5ac7d4b83513fca30abc75300de867eeb0d
-
SSDEEP
6144:NulL4+qmRj3GfgD8DxeQY4KiKGzWYlRDq5VKbapYuRpbLKClVyipPf:GLbqmNWfz4YlysRD2pYuPbL9GEP
Score10/10-
Smokeloader family
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1