General
- Target: REDCarrier_webpost_1.3.16_jinc_x64-Setup.exe
- Size: 128.1MB
- Sample: 250211-mcl33stpdz
- MD5: a9a14fa9ebfbcbc56cff625eea08fb74
- SHA1: c8d0ff476285725d4aad6db555eb5b77873fba26
- SHA256: 5d68b7e70400c882601848652cabf23e4c9baf295a1c0d0fa81d6ee5b0993d8f
- SHA512: c0d52d7d634a588202fbb8fc8b264116abf98d55394a78ff40fa7e3b4f7cdd62f908c0a46ba98ca31dbacf2d6d6a99d1e6f775e485ecbd20ed7fbbd8eb0c7880
- SSDEEP: 3145728:bkZAKHvkspBS43lu9TMCwr/hO5+FuH+NzAx6N0f3E:bkZ1kspBR1w5wrhO5tFx6OPE
Static task
- static1
Behavioral tasks
- behavioral1: sample REDCarrier_webpost_1.3.16_jinc_x64-Setup.exe, resource win10v2004-20250207-en
- behavioral2: sample REDCarrier_webpost_1.3.16_jinc_x64-Setup.exe, resource win11-20250207-en
Malware Config
Targets
- Target: REDCarrier_webpost_1.3.16_jinc_x64-Setup.exe (size and hashes as listed under General)
- Boot or Logon Autostart Execution: Port Monitors
  Adversaries may use port monitors to run an adversary-supplied DLL during system boot for persistence or privilege escalation.
- Downloads MZ/PE file
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Port Monitors (1)
- Create or Modify System Process: Windows Service (1)
- Event Triggered Execution: Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Port Monitors (1)
- Create or Modify System Process: Windows Service (1)
- Event Triggered Execution: Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses: Disable or Modify System Firewall (1)
- Modify Registry (1)
Credential Access
- Credentials from Password Stores: Credentials from Web Browsers (1)
- Unsecured Credentials: Credentials In Files (1)