Overview

overview

10

Static

static

Minecraft_v3.1.exe

windows7_x64

10

Minecraft_v3.1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Minecraft_v3.1.exe

  • Size

    255KB

  • Sample

    210727-n79gr4j6fe

  • MD5

    5030650a2af4334a14fe50c9217b01d5

  • SHA1

    30eb851fc24f8860bef089f8328888762dbdf0db

  • SHA256

    e3ca302504ca202ce505b69023c686568b74e4342b428807e88882b4b525667f

  • SHA512

    8249d36a0653cf733690783f97d79e4faa98ff2830fb817757c5e5aff52dea8205a9a10cccf93d1a821803ccd5929a074c7a6d74378c4a44729c27cb26bbf11c

Score
10/10
redlineytmaloy13discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

ytmaloy13

C2

46.8.19.196:53773

Targets

    • Target

      Minecraft_v3.1.exe

    • Size

      255KB

    • MD5

      5030650a2af4334a14fe50c9217b01d5

    • SHA1

      30eb851fc24f8860bef089f8328888762dbdf0db

    • SHA256

      e3ca302504ca202ce505b69023c686568b74e4342b428807e88882b4b525667f

    • SHA512

      8249d36a0653cf733690783f97d79e4faa98ff2830fb817757c5e5aff52dea8205a9a10cccf93d1a821803ccd5929a074c7a6d74378c4a44729c27cb26bbf11c

    Score
    10/10
    redlineytmaloy13discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks