General

  • Target

    flashusdt (FAKE).zip

  • Size

    35.0MB

  • Sample

    241130-prennayjhn

  • MD5

    d34981c72ae29bfdd3c4ac80edb6aabc

  • SHA1

    d8c41205223e646d8adf01171ee8059054031261

  • SHA256

    bfe208bcb935bb73daec7a30ffc43879b108d1779eba518ca0c760493c614723

  • SHA512

    ebdb05cd885c200bfeca7d579e597fc78264ea89f0d7effd378aa7487d3359924ce0c6a5844241810ee253160912cdb0916ae60f26ab4a27d0aaf3c55e0b7897

  • SSDEEP

    786432:JjhG8M+gsNeVdTsWMKHSA6lq/xwtcaQvPtW5neHZawog+Yb08hJH:hhG+gs2VJMIclYwtn+lwY0SJH

Score
10/10

Malware Config

Extracted

Family

xworm

C2

154.29.74.68:7000

Attributes

  • Install_directory

    %AppData%

  • install_file

    XClient.exe

  • telegram

    https://api.telegram.org/bot8188080790:AAESe0kuvZlMueVzGbFe6POBUCk14_MuOqY/sendMessage?chat_id=6772212501

Extracted

Family

redline

Botnet

Xrebone

C2

154.29.74.68:1912

Targets

    • Target

      Flash USDT Sender /AgentModule.dll

    • Size

      2.0MB

    • MD5

      73cfc7a409101d5635e8042bcdf5c6c7

    • SHA1

      cf5cc36776c8ec4582bd356b6833aa0905430a92

    • SHA256

      d46f87b767dc82bf9a180bb2a981058909ff65cf0de6edfbc917cbac0f719f67

    • SHA512

      4e823b31f81aa3f6ad22b26ec55389764867b6e66daa73d17c4d5f501d6a817be520edd49e7dc7c1cee43caf7eb533c456ebfef021c528edaeb9a099325fe12c

    • SSDEEP

      49152:kylT3MFWj4LouEfF7Mgi4kpCzrLmq064lTRQCyqjc:thcFetTfF7Mt9CzrLmq0DltQLqI

    Score
    1/10

    • Target

      Flash USDT Sender /CommonModule.dll

    • Size

      1.5MB

    • MD5

      eda386546817f68607fc7f3361c89eac

    • SHA1

      221b78ac990d558f0565d6cc8b7d16786d4afa10

    • SHA256

      44d33f4dacfc4bac2d56a49194ca4d40bc3e3f72478cd20ed696b1d3f110cc96

    • SHA512

      b51f0fe242ef0fc300163b6e56364a43f8dd26207c22be4110fa42aa291ba324193b795c548646c98644a8670449a54c37009112c10832f54a4a932713100680

    • SSDEEP

      24576:xdigP0DDbamB99f7yxucOzg8mhkF/tlDkF5enYkHEPPn2a2IJeARStTzzn4CwcNx:xdizv9f7yxucOzbmOdtlDrkn2fMeak2g

    Score
    1/10

    • Target

      Flash USDT Sender /Flash USDT sender.exe

    • Size

      41.4MB

    • MD5

      b537c6e079ea33d479734ec1520568aa

    • SHA1

      554a46055c4ec7aa2a15b21b163b0040e3961fdf

    • SHA256

      5e79ed22e49281e62b4b1f7f98baeec1e36eadee8f1a3ad4f1bb2b059c05e1d5

    • SHA512

      e99d479c428bdbae0b3278b200a439438baeb1e89ae3649da8f6ac6184e8362fdaa8771c5c9684c1e8e4a9cf77a1888ead1133ce999dfacc39d9d1871019a5bb

    • SSDEEP

      786432:TX04qRUoiGhZtCiuDtNFq300YnOyHsNEj4lmj52V+Fm3QaWsi3c7s/:TH6iGhp+m65a3QFzT/

    Score
    1/10

    • Target

      Flash USDT Sender /Network fees.exe

    • Size

      86KB

    • MD5

      4ed3835963039357ef222ca9ab2b03af

    • SHA1

      bb231b0bad3206592fb7a7a95bf7ac4360922101

    • SHA256

      1eaacbeeb1ea046dd3d83fbd08b629acc743fb8a57f673f740184ff72a30c238

    • SHA512

      a421104e217965492d3351a0179c851cd9b994cad1047ae4ff3c20f93c5a18eeac1967f061df958b03b644a74dd3325cd7b2ac8dfead6b56a915a48de8b07b83

    • SSDEEP

      1536:RHZnFnP5vEuweD6lC+bhKfhKWgv6FLROhyFlHJwG:R5FxvE0DuC+bhKNLRO4FlHl

    Score
    1/10

    • Target

      Flash USDT Sender /bypass.exe

    • Size

      300KB

    • MD5

      125ba87754583d4adb5f2c3b336c941a

    • SHA1

      023a57d5c14dfb0ade4ef5ba793c06d87803ad68

    • SHA256

      55d86eaae9383a493ffe20be18879619b4b7c5416ace7cd3212482b2232261c5

    • SHA512

      8ae3354503e1bc168eefba20f5bbeaa161301a13d6160dcfafe4b837e580f455ba293a1c47d76076dc558aa6d928199067f9b74145334a97e6ee006e318c043b

    • SSDEEP

      3072:GcZqf7D34xp/0+mAYkygYdQ0ghnB1fA0PuTVAtkxzn3R4eqiOL2bBOA:GcZqf7DIjnGapB1fA0GTV8kdYL

    Score
    1/10

    • Target

      Flash USDT Sender /cygwin1.dll

    • Size

      3.2MB

    • MD5

      26dc9423dabf300185c57fc9aee36a38

    • SHA1

      ced29695fb9033e48223ef188a96d8b7d213cbb3

    • SHA256

      aa4e55537722731c64a3ec520d63b02291d8640178c5129df2c1c5c4e8f9c90e

    • SHA512

      76dd2f9fcf06c45403d368e8e07b9c75db0b94f4c862a7d43be6e18717551b027bf01def586b47f0f04e7dfedb622875bb3e5044abd9ac60d17ac08422f5c363

    • SSDEEP

      98304:tZk9IDGbx19Mx0Mr7YaZFt3WG00Khy7wYMe1u4CU5NbWN5obRfhAS:Xk9IueFpVv

    Score
    1/10

MITRE ATT&CK Matrix

Tasks