Overview

overview

10

Static

static

a3111c47c0...13.exe

windows7_x64

10

a3111c47c0...13.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3111c47c0b8cc5405b80e0fee672213.exe

  • Size

    815KB

  • Sample

    210528-x8y99r7vwe

  • MD5

    a3111c47c0b8cc5405b80e0fee672213

  • SHA1

    919e1912ade8b9891f6482fd1c2ded0b85361d0d

  • SHA256

    1d857a8ee0c9851c6ddcd0dcc0ac0057e772f152883762ffbf50457b6c463fd5

  • SHA512

    b3976e6e08602ae921c086a1246c46f5fc8a3fc93fefc72d01c75f50d13ec9d7b07f87981af504c9acef52f7b9cff6dbb33ef130398099a755adfddd5639e849

Score
10/10
redlineadscoupongeneratorv1.0.1discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

AdsCouponGeneratorV1.0.1

C2

194.233.74.11:35496

Targets

    • Target

      a3111c47c0b8cc5405b80e0fee672213.exe

    • Size

      815KB

    • MD5

      a3111c47c0b8cc5405b80e0fee672213

    • SHA1

      919e1912ade8b9891f6482fd1c2ded0b85361d0d

    • SHA256

      1d857a8ee0c9851c6ddcd0dcc0ac0057e772f152883762ffbf50457b6c463fd5

    • SHA512

      b3976e6e08602ae921c086a1246c46f5fc8a3fc93fefc72d01c75f50d13ec9d7b07f87981af504c9acef52f7b9cff6dbb33ef130398099a755adfddd5639e849

    Score
    10/10
    redlineadscoupongeneratorv1.0.1infostealerdiscoveryspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks