General

Target: R6-Hack-main.zip
Size: 10.3MB
Sample: 240704-alwyesterp
MD5: faba234bc92f7badff696e92958031fc
SHA1: 605732ac272cb3496ace7515bf02566f901dd29d
SHA256: 553e980d8aef3f48b9b932c6379534ef324e595f9755b9b86001fd87b903ad0b
SHA512: 586143e61de38c1b5c691b665417c1f65eaf44ecd9263ec57f25c03a859bfb8675938b6b381b9535103e18338f4d28562cecadb428a8bb26e783e77a2565899e
SSDEEP: 196608:LxEfbE1cV/xZscC9D6KoGTFeliYVlnQsRCXlZz4mK/NQ6qJRpG:NgEyVW9D6Id2CVZsH0J+
Static task: static1

Behavioral task: behavioral1
Sample: R6-Hack-main/d3dcompiler_47.dll
Resource: win10v2004-20240611-en

Behavioral task: behavioral2
Sample: R6-Hack-main/r6s.exe
Resource: win7-20240508-en

Behavioral task: behavioral3
Sample: R6-Hack-main/r6s.exe
Resource: win10v2004-20240611-en

Behavioral task: behavioral4
Sample: R6-Hack-main/r6siege.dll
Resource: win10v2004-20240508-en
Malware Config

Extracted: https://rentry.org/lem61111111111/raw
Targets

Target: R6-Hack-main/d3dcompiler_47.dll
Size: 4.7MB
MD5: 2191e768cc2e19009dad20dc999135a3
SHA1: f49a46ba0e954e657aaed1c9019a53d194272b6a
SHA256: 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
SHA512: 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
SSDEEP: 49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l

Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2

Target: R6-Hack-main/r6s.exe
Size: 7KB
MD5: b5e479d3926b22b59926050c29c4e761
SHA1: a456cc6993d12abe6c44f2d453d7ae5da2029e24
SHA256: fbc4058b92d9bc4dda2dbc64cc61d0b3f193415aad15c362a5d87c90ca1be30b
SHA512: 09d1aa9b9d7905c37b76a6b697de9f2230219e7f51951654de73b0ad47b8bb8f93cf63aa4688a958477275853b382a2905791db9dcb186cad7f96015b2909fe8
SSDEEP: 192:q+yk9cqvjX3xszdzztCbxbsIcaqc2Ng5vGIcaBSNtUqOwciQjdv:Tyk9Hv1O/Cbxbbcaqc2NidcaANt/dcio

Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2

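Three of the behavioural signatures reported for both d3dcompiler_47.dll and r6s.exe (the registry country-code lookup, the Uninstall-key enumeration, and the use of a legitimate hosting service, which the extracted config URL on rentry.org illustrates) can be expressed as simple per-process rules over an API trace. The following is an added example, not Triage's signature code and not code from the sample. The trace format (pid, API name, first string argument), the specific API names, the choice of HKCU\Control Panel\International\Geo\Nation as the location value, and every abused host other than rentry.org are assumptions of this example rather than facts from the report; the trace itself is constructed.

```python
"""Three of the report's behavioural signatures as rules over an API trace.

Added example: not Triage's signature code and not code from the sample.
The trace format and most names below are assumptions of the example.
"""
import json
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed trace (not data from the report): one JSON object per line,
# loosely modelled on a sandbox API log with pid, API name, first string arg.
TRACE = r'''
{"pid": 4120, "api": "RegOpenKeyExW", "arg": "HKCU\\Control Panel\\International\\Geo"}
{"pid": 4120, "api": "RegQueryValueExW", "arg": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 4120, "api": "RegOpenKeyExW", "arg": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 4120, "api": "RegEnumKeyExW", "arg": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 4120, "api": "RegEnumKeyExW", "arg": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 4120, "api": "InternetOpenUrlW", "arg": "https://rentry.org/lem61111111111/raw"}
{"pid": 6004, "api": "RegQueryValueExW", "arg": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"}
{"pid": 6004, "api": "InternetOpenUrlW", "arg": "https://www.microsoft.com/"}
'''

# Assumed: the country-code lookup reads the GeoID value "Nation" under
# HKCU\Control Panel\International\Geo.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Native or WOW6432Node Uninstall key, the key itself or any subkey.
UNINSTALL = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)

REG_READ_APIS = {"RegQueryValueExA", "RegQueryValueExW", "RegGetValueA", "RegGetValueW"}
REG_ENUM_APIS = {"RegEnumKeyA", "RegEnumKeyW", "RegEnumKeyExA", "RegEnumKeyExW"}
# Only APIs whose first string argument is a full URL, so host_of() applies.
NET_APIS = {"InternetOpenUrlA", "InternetOpenUrlW"}
# rentry.org comes from the report's extracted config; the other hosts are
# this example's assumption about commonly abused services.
ABUSED_HOSTS = {"rentry.org", "pastebin.com", "telegra.ph", "discord.com"}

SIG_GEO = "Checks computer location settings"
SIG_UNINSTALL = "Checks installed software on the system"
SIG_HOSTING = "Legitimate hosting services abused for malware hosting/C2"


def parse_trace(text):
    """Parse the JSON-lines trace, skipping blank lines."""
    return [json.loads(ln) for ln in text.splitlines() if ln.strip()]


def host_of(url):
    """Lower-cased hostname of a URL, or '' when the string has none."""
    return (urlparse(url).hostname or "").lower()


def match_signatures(events):
    """Map pid -> sorted signature names for every pid that trips a rule.

    Each rule is evaluated per event; a pid is reported once per signature
    regardless of how many events matched it.
    """
    hits = defaultdict(set)
    for ev in events:
        pid, api, arg = ev["pid"], ev["api"], ev.get("arg", "")
        if api in REG_READ_APIS and GEO_NATION.search(arg):
            hits[pid].add(SIG_GEO)
        if api in REG_ENUM_APIS and UNINSTALL.search(arg):
            hits[pid].add(SIG_UNINSTALL)
        if api in NET_APIS and host_of(arg) in ABUSED_HOSTS:
            hits[pid].add(SIG_HOSTING)
    return {pid: sorted(names) for pid, names in hits.items()}


if __name__ == "__main__":
    for pid, names in sorted(match_signatures(parse_trace(TRACE)).items()):
        print(pid, *names, sep="\n  ")
```

Running the block flags pid 4120 with all three signatures and leaves pid 6004 (an ordinary registry read and a request to microsoft.com) clean. One caveat for anyone porting these rules to endpoint telemetry: the first rule keys on a registry read, and Sysmon's registry events (IDs 12, 13, 14) only cover key creation and deletion, value writes and renames, so the geofence lookup needs an API-level trace or EDR data that records reads; the Uninstall enumeration has the same limitation, while the hosting-service rule maps directly onto DNS or proxy logs.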
Target: R6-Hack-main/r6siege.dll
Size: 20.8MB
MD5: ab2cc84a98d05ab8b540a9ad3a48ab15
SHA1: d59736cefc5bb2d6fc429a5027bbb5b69039b555
SHA256: 3e41929571bd1307e71bc851dfe7a37c8657bb16a8387217e09660c46e8b57b3
SHA512: 84bc192b9232dbc427c2fb7d98727960f6f57fe769e097cfe8581feb778b54df8a6aaa8faac5cc060a2c137e10208e47a5529551aacde345a8fb2152796ebc47
SSDEEP: 393216:AUWnI3LyrngF82KMV+mQvB0WK0j6DWu016PN:srnFj6DWuo6l
Score: 1/10