General

  • Target

    REDCarrier_webpost_1.3.16_jinc_x64-Setup.exe

  • Size

    128.1MB

  • Sample

    250211-mcl33stpdz

  • MD5

    a9a14fa9ebfbcbc56cff625eea08fb74

  • SHA1

    c8d0ff476285725d4aad6db555eb5b77873fba26

  • SHA256

    5d68b7e70400c882601848652cabf23e4c9baf295a1c0d0fa81d6ee5b0993d8f

  • SHA512

    c0d52d7d634a588202fbb8fc8b264116abf98d55394a78ff40fa7e3b4f7cdd62f908c0a46ba98ca31dbacf2d6d6a99d1e6f775e485ecbd20ed7fbbd8eb0c7880

  • SSDEEP

    3145728:bkZAKHvkspBS43lu9TMCwr/hO5+FuH+NzAx6N0f3E:bkZ1kspBR1w5wrhO5tFx6OPE

Malware Config

Targets

    • Target

      REDCarrier_webpost_1.3.16_jinc_x64-Setup.exe

    • Size

      128.1MB

    • MD5

      a9a14fa9ebfbcbc56cff625eea08fb74

    • SHA1

      c8d0ff476285725d4aad6db555eb5b77873fba26

    • SHA256

      5d68b7e70400c882601848652cabf23e4c9baf295a1c0d0fa81d6ee5b0993d8f

    • SHA512

      c0d52d7d634a588202fbb8fc8b264116abf98d55394a78ff40fa7e3b4f7cdd62f908c0a46ba98ca31dbacf2d6d6a99d1e6f775e485ecbd20ed7fbbd8eb0c7880

    • SSDEEP

      3145728:bkZAKHvkspBS43lu9TMCwr/hO5+FuH+NzAx6N0f3E:bkZ1kspBR1w5wrhO5tFx6OPE

    • Boot or Logon Autostart Execution: Port Monitors

      Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks