Overview

overview

10

Static

static

f3fa03025a...f1.exe

windows7_x64

10

f3fa03025a...f1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f3fa03025a7f730194ec723fc73550b525bc098969c32802d6eddef97a7486f1

  • Size

    2.0MB

  • Sample

    201116-fqlkkwbee6

  • MD5

    3a6364cd3ceaf2d0b28ebf27785fc8c1

  • SHA1

    b1d3601e31d87110bef6076c5b14b3ebcbce6885

  • SHA256

    f3fa03025a7f730194ec723fc73550b525bc098969c32802d6eddef97a7486f1

  • SHA512

    dc51e1578279beb5db4d534738d4c7df50c360093a370cfd8df70782be5f3fbf2de045016be54068adc3359bb218caa9b34f2e105c53e2071c3387990e2e41fd

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Targets

    • Target

      f3fa03025a7f730194ec723fc73550b525bc098969c32802d6eddef97a7486f1

    • Size

      2.0MB

    • MD5

      3a6364cd3ceaf2d0b28ebf27785fc8c1

    • SHA1

      b1d3601e31d87110bef6076c5b14b3ebcbce6885

    • SHA256

      f3fa03025a7f730194ec723fc73550b525bc098969c32802d6eddef97a7486f1

    • SHA512

      dc51e1578279beb5db4d534738d4c7df50c360093a370cfd8df70782be5f3fbf2de045016be54068adc3359bb218caa9b34f2e105c53e2071c3387990e2e41fd

    Score
    10/10
    redlinediscoveryinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks