Overview

overview

10

Static

static

680c60bd91...c5.exe

windows7_x64

10

680c60bd91...c5.exe

windows10_x64

10

Resubmissions

12-05-2021 10:10

210512-xcth42j22e 10

12-05-2021 07:56

210512-57ypwfs6bx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    680c60bd9161140133992d026fabdfc5.exe

  • Size

    997KB

  • Sample

    210512-57ypwfs6bx

  • MD5

    680c60bd9161140133992d026fabdfc5

  • SHA1

    1f5a81fdfecd613f6a0c6362a2c7b1757d642bf5

  • SHA256

    d6c5d0d59ecf0f03c81e42ab58ca052a806bc9f145688441e1fe7038c0ed9f0c

  • SHA512

    7e64ead53d6abbe8efa8ba18ad7764aa36d4692f6b92cc03bc9999511bd94f8a83bdfa98edcf07bb98c81785ee20d791c5cb06181caeb07cb3dc0435332de2ca

Score
10/10
icedidredline704617075bankerdiscoveryinfostealerspywarestealertrojan

Malware Config

Extracted

Family

redline

C2

zastaredan.xyz:80

Extracted

Family

icedid

Campaign

704617075

C2

icouldmakeyoubelieve.top

Targets

    • Target

      680c60bd9161140133992d026fabdfc5.exe

    • Size

      997KB

    • MD5

      680c60bd9161140133992d026fabdfc5

    • SHA1

      1f5a81fdfecd613f6a0c6362a2c7b1757d642bf5

    • SHA256

      d6c5d0d59ecf0f03c81e42ab58ca052a806bc9f145688441e1fe7038c0ed9f0c

    • SHA512

      7e64ead53d6abbe8efa8ba18ad7764aa36d4692f6b92cc03bc9999511bd94f8a83bdfa98edcf07bb98c81785ee20d791c5cb06181caeb07cb3dc0435332de2ca

    Score
    10/10
    redlinediscoveryinfostealerspywarestealericedid704617075bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

BITS Jobs

1
T1197

Privilege Escalation

Defense Evasion

BITS Jobs

1
T1197

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks