400ee0714dd95e2444a1242483027271.exe

General
Target

400ee0714dd95e2444a1242483027271.exe

Size

594KB

Sample

210722-zwz6rmwwms

Score
10 /10
MD5

400ee0714dd95e2444a1242483027271

SHA1

2eba3d61e364e8a40f187556c337809b92e06914

SHA256

f80044762635fc93a0b1f612664bd9b0b21fa0e88fd473b8f298d9726c43f9a8

SHA512

586f59447cd3109d8e64b0f53da1cc80c3ef89d8013ead6154a103f638e4539a20cbeb4ac5bfc96c8be87cde74dc3c6749c8f3e9cebf330eb903bdc5b9370d36

Malware Config

Extracted

Family redline
Botnet MIX 22.07
C2

185.215.113.17:18597
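The extracted config gives one concrete network indicator (the C2 endpoint) and the hashes above give three host indicators. The following is an added example, not part of the sandbox report and not RedLine code, that turns them into two checks: hashing a file against the reported digests, and scanning connection-log lines for the C2. The log lines, their "src -> dst:port" layout and the function names are constructed assumptions for the demonstration.

```python
"""IOC checks for the RedLine sample in this report.

Added example, not part of the sandbox report or of RedLine itself.
The hashes and C2 endpoint are copied from the report above; the log lines,
their format and the function names are constructed for this demonstration.
"""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "400ee0714dd95e2444a1242483027271",
    "sha1": "2eba3d61e364e8a40f187556c337809b92e06914",
    "sha256": "f80044762635fc93a0b1f612664bd9b0b21fa0e88fd473b8f298d9726c43f9a8",
}
C2_HOST = "185.215.113.17"
C2_PORT = 18597

# Constructed connection-log lines (assumed "src -> dst:port" layout, not a
# real product's format). Line 1 is the exact C2 from the config, line 3 is
# the same host on a different port, line 2 is benign traffic.
SAMPLE_LOG = [
    "2021-07-22T20:15:01Z ALLOW 10.0.0.25:51234 -> 185.215.113.17:18597 TCP",
    "2021-07-22T20:15:03Z ALLOW 10.0.0.25:51235 -> 142.250.74.78:443 TCP",
    "2021-07-22T20:15:09Z DENY  10.0.0.40:49152 -> 185.215.113.17:443 TCP",
]

_DST_RE = re.compile(r"->\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def hash_matches(data: bytes) -> Dict[str, bool]:
    """Hash the given file bytes with each algorithm listed in the report and
    say which ones equal the sample's digests, so the check works whichever
    algorithm a given intel feed happens to carry."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {algo: digests[algo] == IOC_HASHES[algo] for algo in IOC_HASHES}


def c2_hits(lines: List[str], exact_port: bool = True) -> List[str]:
    """Return the log lines whose destination is the reported C2.

    exact_port=True matches only 185.215.113.17:18597, the value in the
    extracted config. exact_port=False matches any port on that host, the
    wider net you want when hunting, at the cost of more lines to triage.
    """
    hits = []
    for line in lines:
        m = _DST_RE.search(line)
        if not m:
            continue  # no parseable destination: skip rather than guess
        if m.group("ip") != C2_HOST:
            continue
        if exact_port and int(m.group("port")) != C2_PORT:
            continue
        hits.append(line)
    return hits


if __name__ == "__main__":
    # To check a file on disk (path is an assumption):
    # with open("suspect.exe", "rb") as fh:
    #     print(hash_matches(fh.read()))
    print("exact C2 hits:", c2_hits(SAMPLE_LOG))
    print("any-port hits:", c2_hits(SAMPLE_LOG, exact_port=False))
    print("constructed bytes match sample?", hash_matches(b"MZ not the sample"))
```

The C2 host and port in a RedLine config are specific to this build; when hunting across an estate, run the host match with exact_port=False as well, and pivot on the botnet name ("MIX 22.07") in other sandbox reports to find sibling samples with the same operator.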

Targets
Target

400ee0714dd95e2444a1242483027271.exe


Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers commonly read the data browsers store on disk, such as saved credentials, cookies and autofill entries.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)
  • Checks installed software on the system

    Description

    Enumerates installed software by reading the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in the registry.

    TTPs

    Query Registry (T1012)
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service (T1102)

MITRE ATT&CK Matrix (tactic columns shown on the report page)

Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation