General

  • Target: RedEngine.bin.zip
  • Size: 2.4MB
  • Sample: 210721-evb1mvs676
  • MD5: 8f82f656fa77e14475f84456bc6cb748
  • SHA1: 76f03e5af6d620d8271863f80f25bb8075514663
  • SHA256: 3ed769b6956e8f11a820e2fcd4a4b4a540a6157cd6e23f4957ca0cb913e65837
  • SHA512: 479f600f160f6e54f62614e162d837fc71a7e063277fbfd0bf9b6202f961dbd22b62893e1a895f5935272b19e7d5a8427b52e0574a763a8cf1fdd1f423e3c517

Malware Config

Targets

    • Target: RedEngine.bin
    • Size: 2.4MB
    • MD5: 9b3ebaad1daa140c57f78c859a720587
    • SHA1: 36385354189232f1fec5dc1fdd5d289eab2b347e
    • SHA256: 0e33e8f48d6bce6744e2467b195283ae899a8b59ea2f027f9062e8cc090222b0
    • SHA512: 027d892b71e616719d62669e34ebe7bdbac632b669e809a689021409e3a8a849c13785079c4453f488584322ece5467344d2535ed01e15d93386122afd3e7477

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account information.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1
  • Modify Registry (T1112): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • System Information Discovery (T1082): 1

Collection

  • Data from Local System (T1005): 1

Tasks