Overview

overview

10

Static

static

Traves Dreams.exe

windows7_x64

10

Traves Dreams.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Traves Dreams

  • Size

    825KB

  • Sample

    201123-wab8b8d2lj

  • MD5

    26e694fab0a2f2041b191cd154d85ba5

  • SHA1

    1b36528c4f505df852d7fcdd6054cc4ab7d70024

  • SHA256

    0d5bfc0c20d8142640a572b53e611015b225c0312faac51006c299e59a061a8a

  • SHA512

    fd223adbf3172b4f08952f9c095456efea836cba1b869819e31fafc1819a718193f568cb3915fa69477cd45bd2ca19b30b576632d9dc91ec12b98d6e57e634c8

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Targets

    • Target

      Traves Dreams

    • Size

      825KB

    • MD5

      26e694fab0a2f2041b191cd154d85ba5

    • SHA1

      1b36528c4f505df852d7fcdd6054cc4ab7d70024

    • SHA256

      0d5bfc0c20d8142640a572b53e611015b225c0312faac51006c299e59a061a8a

    • SHA512

      fd223adbf3172b4f08952f9c095456efea836cba1b869819e31fafc1819a718193f568cb3915fa69477cd45bd2ca19b30b576632d9dc91ec12b98d6e57e634c8

    Score
    10/10
    redlinediscoveryinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks