dff7a52513235d80ee44e0a38c1b9078787d0482af66646b4a84c43bc539e2b3

General

Target: dff7a52513235d80ee44e0a38c1b9078787d0482af66646b4a84c43bc539e2b3
Size: 116KB
Sample: 210926-rg4k5sehg6
Score: 10/10
MD5: d04d4d9896a08dc0ec357ca574814a1b
SHA1: c505429beddc51abc26c29e5ee96df5f44a8f171
SHA256: dff7a52513235d80ee44e0a38c1b9078787d0482af66646b4a84c43bc539e2b3
SHA512: 7cc60ebe0ce9966247868fa679076cc9258bcaf2f3b036249143c6d2eac41ef6d3396503b6434173b41cc6dc393b6cf58ed8919f3d8bcc5c44a03a59c0aa4cc0

Malware Config

Extracted

Family: redline
Botnet: installszxc
C2: 138.124.186.2:27999
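The extracted configuration and the file hashes above are the report's actionable indicators. The following is an added example of consuming them, not code from the report or from the sandbox: it hashes a file the way the report does, matches an EDR-style hash record against the listed digests, turns the C2 endpoint into a Suricata rule, and flags matching connections in a set of constructed connection records. The rule text, the sid, the Conn record layout and the sample connections are this example's own assumptions.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Indicators copied from the report above.
REPORT = {
    "family": "redline",
    "botnet": "installszxc",
    "c2": "138.124.186.2:27999",
    "md5": "d04d4d9896a08dc0ec357ca574814a1b",
    "sha1": "c505429beddc51abc26c29e5ee96df5f44a8f171",
    "sha256": "dff7a52513235d80ee44e0a38c1b9078787d0482af66646b4a84c43bc539e2b3",
    "sha512": "7cc60ebe0ce9966247868fa679076cc9258bcaf2f3b036249143c6d2eac41ef6"
              "d3396503b6434173b41cc6dc393b6cf58ed8919f3d8bcc5c44a03a59c0aa4cc0",
}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, as lower-case hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def hash_matches(observed: Dict[str, str], report: Dict[str, str] = REPORT) -> List[str]:
    """Return the algorithms whose digest in `observed` equals the report's value.

    Case and surrounding whitespace are normalised because EDR exports and
    analyst copy-paste differ; a missing algorithm simply does not match.
    """
    hits = []
    for algo in HASH_ALGOS:
        value = observed.get(algo)
        if value and value.strip().lower() == report[algo]:
            hits.append(algo)
    return hits


def parse_c2(c2: str) -> Tuple[ipaddress._BaseAddress, int]:
    """Split 'ip:port' into a validated (ip_address, port) pair."""
    host, _, port = c2.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def suricata_rule(report: Dict[str, str] = REPORT, sid: int = 1000001) -> str:
    """Build a Suricata alert for outbound TCP to the C2 endpoint (sid is assumed)."""
    ip, port = parse_c2(report["c2"])
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"{report["family"]} C2 {ip}:{port} botnet {report["botnet"]}"; '
        f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


@dataclass
class Conn:
    """Minimal connection record (assumed layout, similar to a Zeek conn.log row)."""
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def flag_c2_connections(conns: List[Conn], report: Dict[str, str] = REPORT) -> List[Conn]:
    """Return the records that talk to the report's C2 IP and port over TCP."""
    ip, port = parse_c2(report["c2"])
    return [
        c for c in conns
        if c.proto == "tcp" and ipaddress.ip_address(c.dst) == ip and c.dport == port
    ]


# Constructed sample records for the example; they are not from the report.
SAMPLE_CONNS = [
    Conn("2021-09-26T10:00:01Z", "10.0.0.15", "142.250.74.46", 443, "tcp"),
    Conn("2021-09-26T10:00:07Z", "10.0.0.15", "138.124.186.2", 27999, "tcp"),
    Conn("2021-09-26T10:00:09Z", "10.0.0.15", "138.124.186.2", 53, "udp"),
]

if __name__ == "__main__":
    print(suricata_rule())
    for c in flag_c2_connections(SAMPLE_CONNS):
        print("C2 contact:", c)
    print("EDR record matches:", hash_matches({"SHA256": REPORT["sha256"], "md5": REPORT["md5"].upper()}))
```

Hash indicators only catch this exact build; stealer samples are repacked frequently, so the C2 endpoint and the behaviour listed under Signatures are the more durable indicators. The Suricata rule matches on destination only, so a change of port by the operator needs a rev bump.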

Targets

Target: dff7a52513235d80ee44e0a38c1b9078787d0482af66646b4a84c43bc539e2b3
MD5: d04d4d9896a08dc0ec357ca574814a1b
Filesize: 116KB
Score: 7/10
SHA1: c505429beddc51abc26c29e5ee96df5f44a8f171
SHA256: dff7a52513235d80ee44e0a38c1b9078787d0482af66646b4a84c43bc539e2b3
SHA512: 7cc60ebe0ce9966247868fa679076cc9258bcaf2f3b036249143c6d2eac41ef6d3396503b6434173b41cc6dc393b6cf58ed8919f3d8bcc5c44a03a59c0aa4cc0

Signatures

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
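The three signatures above are host-behaviour rules, so they can be re-run against endpoint telemetry rather than only inside the sandbox. The following is an added example, not the sandbox's own signature code: it evaluates constructed file-read and registry-query events (in the shape Sysmon or an EDR would record) against the same three signatures, maps each hit to the ATT&CK technique named in the report (T1005 Data from Local System, T1552.001 Credentials In Files, T1012 Query Registry), and rolls the hits up per process. The browser artefact names, wallet paths, browser image names and the event layout are this example's assumptions.

```python
import re
from typing import Dict, List

# Artefact patterns are assumptions about where browsers and wallets keep their
# data; the report only states that such files and keys were accessed.
BROWSER_DATA = re.compile(
    r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db|cookies\.sqlite)$", re.IGNORECASE)
WALLET_FILES = re.compile(
    r"\\(wallet\.dat|Electrum\\wallets\\[^\\]+|Exodus\\exodus\.wallet\\[^\\]+"
    r"|Ethereum\\keystore\\[^\\]+)$", re.IGNORECASE)
UNINSTALL_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE)
# A browser reading its own profile is normal; only other images fire the rule.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_WALLET = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_UNINSTALL = "Checks installed software on the system"

# Technique IDs are the standard MITRE ATT&CK identifiers for the names in the report.
SIGNATURES: Dict[str, List[str]] = {
    SIG_BROWSER: ["T1005 Data from Local System", "T1552.001 Credentials In Files"],
    SIG_WALLET: ["T1005 Data from Local System", "T1552.001 Credentials In Files"],
    SIG_UNINSTALL: ["T1012 Query Registry"],
}


def signatures_for_event(event: dict) -> List[str]:
    """Return the signature names a single telemetry event satisfies."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    hits = []
    if event["type"] == "file_read":
        if BROWSER_DATA.search(event["path"]) and image not in BROWSER_IMAGES:
            hits.append(SIG_BROWSER)
        if WALLET_FILES.search(event["path"]):
            hits.append(SIG_WALLET)
    elif event["type"] == "reg_query" and UNINSTALL_KEY.match(event["key"]):
        hits.append(SIG_UNINSTALL)
    return hits


def triage(events: List[dict]) -> Dict[int, dict]:
    """Group hits by pid; processes with no signature are left out of the result."""
    per_pid: Dict[int, dict] = {}
    for ev in events:
        entry = per_pid.setdefault(ev["pid"], {"image": ev["image"], "signatures": set(), "ttps": set()})
        for sig in signatures_for_event(ev):
            entry["signatures"].add(sig)
            entry["ttps"].update(SIGNATURES[sig])
    return {
        pid: {"image": e["image"], "signatures": sorted(e["signatures"]), "ttps": sorted(e["ttps"])}
        for pid, e in per_pid.items() if e["signatures"]
    }


# Constructed telemetry for the example (not sandbox output for this sample).
STEALER = r"C:\Users\victim\AppData\Local\Temp\installer.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": STEALER, "type": "file_read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": STEALER, "type": "file_read",
     "path": r"C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat"},
    {"pid": 4120, "image": STEALER, "type": "reg_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "image": STEALER, "type": "reg_query",
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    # Chrome opening its own profile: must not fire the browser-data signature.
    {"pid": 5100, "image": CHROME, "type": "file_read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # Unrelated registry read: must not fire the Uninstall-key signature.
    {"pid": 3000, "image": r"C:\Windows\explorer.exe", "type": "reg_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for pid, hit in triage(SAMPLE_EVENTS).items():
        print(pid, hit["image"])
        for sig in hit["signatures"]:
            print("  ", sig, "->", ", ".join(SIGNATURES[sig]))
```

Excluding browsers by image name only keeps the example short; a production rule should key the exclusion on a signed binary in its expected install path, since a stealer can trivially name itself chrome.exe. The Uninstall-key enumeration is also performed by legitimate installers and inventory agents, so on its own it is a weak signal and is best used in combination with the two file-access rules, much as the report scores the three together.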


MITRE ATT&CK Matrix

(Matrix column headers only survived extraction: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. The techniques observed for this sample are the TTPs listed under Signatures.)

Tasks

static1: 10/10
behavioral1: 7/10