General

  • Target

    b2c1396260a5bf7289fbd08cdb3cc96d.exe

  • Size

    1.1MB

  • Sample

    210322-j71ft3kch2

  • MD5

    b2c1396260a5bf7289fbd08cdb3cc96d

  • SHA1

    349ead630fb0f7f12fae208b573a255f12095ed1

  • SHA256

    1be887ab809f4d5f443d78ee02427954aaf63365be283fec335902ac48ba4445

  • SHA512

    23f9135d969bfae5ade2ac4eb1cc4597ad646fcaa814f737422eb6479ef030fc9e19591dc0595684c853104d7b7ada0f0460f8f69067f47e6f09c16e2a665c46

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks