Overview

overview

10

Static

static

SecuriteIn...89.exe

windows7_x64

10

SecuriteIn...89.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Heur.17155.13989

  • Size

    1.6MB

  • Sample

    210331-jyyb1v5l1j

  • MD5

    3c2b4c4920ccbb7456ea0539e596948c

  • SHA1

    948ad5579c0aef35050ec330ce954bc84cfe2559

  • SHA256

    3c3bee00c300584717e1c307e690d05ab1c6c98428d83ca0d4285fe24a9e1015

  • SHA512

    397cf6a365ea609bfbe47868009081dd13c1662b4de2580e86d46de4fc4ec64263d36cab77329c7142acf7c7ee151eae44f86a394d526d8907a9da0724a92322

Score
10/10
redline5kmaraafterbuilddiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

5kmaraafterbuild

C2

217.12.209.30:44444

Targets

    • Target

      SecuriteInfo.com.Heur.17155.13989

    • Size

      1.6MB

    • MD5

      3c2b4c4920ccbb7456ea0539e596948c

    • SHA1

      948ad5579c0aef35050ec330ce954bc84cfe2559

    • SHA256

      3c3bee00c300584717e1c307e690d05ab1c6c98428d83ca0d4285fe24a9e1015

    • SHA512

      397cf6a365ea609bfbe47868009081dd13c1662b4de2580e86d46de4fc4ec64263d36cab77329c7142acf7c7ee151eae44f86a394d526d8907a9da0724a92322

    Score
    10/10
    redline5kmaraafterbuilddiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks