e7d036c77c92bcc5773be4c2f4b4476282f36c0c05f45ab5b3bf2d275270cf06

General

Target: e7d036c77c92bcc5773be4c2f4b4476282f36c0c05f45ab5b3bf2d275270cf06
Size: 117KB
Sample: 210926-rg4k5sehan
Score: 10/10
MD5: 96dce028459cf26be5816b14c6b14484
SHA1: e0a93d63ebc7e56459005d911edece66987531dd
SHA256: e7d036c77c92bcc5773be4c2f4b4476282f36c0c05f45ab5b3bf2d275270cf06
SHA512: d37089834b5c662eebb9f7efce8fd61a62018ded5c45d5405e72dab5e844744f548980ec6265e184c82ff52505fa3189c195c5f8ea62a70260b9ab986ae2188e

Malware Config

Extracted

Family: redline
Botnet: @alan_miller102
C2: 194.15.46.144:36848

Targets

Target: e7d036c77c92bcc5773be4c2f4b4476282f36c0c05f45ab5b3bf2d275270cf06

Filesize: 117KB
Score: 7/10
Signatures

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System, Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System, Credentials in Files
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

Tasks

static1: 10/10
behavioral1: 7/10