SecuriteInfo.com.Heur.17155.13989

General

Target: SecuriteInfo.com.Heur.17155.13989
Size: 1MB
Sample: 210331-jyyb1v5l1j
Score: 10/10
MD5: 3c2b4c4920ccbb7456ea0539e596948c
SHA1: 948ad5579c0aef35050ec330ce954bc84cfe2559
SHA256: 3c3bee00c300584717e1c307e690d05ab1c6c98428d83ca0d4285fe24a9e1015
SHA512: 397cf6a365ea609bfbe47868009081dd13c1662b4de2580e86d46de4fc4ec64263d36cab77329c7142acf7c7ee151eae44f86a394d526d8907a9da0724a92322

Malware Config

Extracted

Family: redline
Botnet: 5kmaraafterbuild
C2: 217.12.209.30:44444

Signatures

  • RedLine

    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry to enumerate software installed on the system.

    TTPs: Query Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation