Overview

overview

10

Static

static

smweeks-xf...in.exe

windows7_x64

10

smweeks-xf...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    smweeks-xfrime.bin.zip

  • Size

    1.4MB

  • Sample

    201105-91vnxntjrs

  • MD5

    2940b72f138a03dd897d661e75e63756

  • SHA1

    8294d75f15c6571c59423d0308a7bc58690f068f

  • SHA256

    dfdf406c2a27405fd840b772b329317625267de7bf4e5d506c9f7fa32c7d57da

  • SHA512

    5fc0eec01856de2b7221055632ccd7668ce47948744fd2a022f472e8707ed15c829e11183b42ebfaa49b680c2e691d74a148ce07b74e6596728568f4e1f2b77d

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Targets

    • Target

      smweeks-xfrime.bin

    • Size

      1.5MB

    • MD5

      4847f643e40ad008439c8d17415d3d90

    • SHA1

      30d1d407179656616f49b6acf1996bf0c1313030

    • SHA256

      f9cd8e1cecf04ca59cad80ab3895eec6cef5baaf0d4339d4d96715d161ae0611

    • SHA512

      6289e8102cc414c46a5bd3dee38a02e0bd0447bc9d580940c41130514b7affc0a1caef26ca9ca90f707cce79541f665715336d8030eb4be237577cba50bfad1a

    Score
    10/10
    redlinediscoveryinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks