Overview

overview

10

Static

static

Avira.exe

windows7_x64

10

Avira.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Avira.zip

  • Size

    293KB

  • Sample

    201117-zezj2ljvhx

  • MD5

    c5f6d36bfc596f2f3c3fed71c4d38727

  • SHA1

    a9075350b6902982fe5c07fd7db762c10e362c1f

  • SHA256

    20ded75e0706e6f63981bcc5e47af938a510bde373661a644e656f01272eae97

  • SHA512

    c59c4427960df18fbe30f4fbb2656d8b4a6884fc740bb7718f5fd458be892999ebd011ec2ca343cd0a3e85ff097d447684b6de9886ce394f8259eb72ff9bcfe2

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Targets

    • Target

      Avira.exe

    • Size

      598KB

    • MD5

      1dc461b30007e930f039e143d41be86a

    • SHA1

      fd44a3a5ed12c95e7a76c65682a3e843496436c7

    • SHA256

      1442965ab57addb1ed08de499ce2d1569a29c1fcfd6523a2f1e3e629aadf8d7e

    • SHA512

      c2ddb98cb3700445dc1f7d1ef93210666836891e5349ea03c879bfdeab5b7d27b8c62dfa2a9145b2f8976e7bf498e4f07c265b56ab5afab3ecac34249601b8cf

    Score
    10/10
    redlinediscoveryinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks