bbb52fa71217c68368d6b4d021227e325002e5bb7ecb248661aa4242bf773d8a

General
Target

bbb52fa71217c68368d6b4d021227e325002e5bb7ecb248661aa4242bf773d8a

Size

631KB

Sample

211021-xyabhsbehr

Score
10 /10
MD5

e6f3897b738846eb3d58ecd0677668ef

SHA1

d558f3aafcba39e5c568df3d26bed75d4e4fc335

SHA256

bbb52fa71217c68368d6b4d021227e325002e5bb7ecb248661aa4242bf773d8a

SHA512

b31b2efcdbff1ed82919d8e169a5ab5a180c9ca225fa55de6c35958154c1f075c21e787a59bb821cd66f403a358f70f619efaaf9da2dda327a4b7adf22487cd0

Malware Config

Extracted

Family redline
Botnet mix22.10
C2

185.215.113.15:21508

Targets
Target

bbb52fa71217c68368d6b4d021227e325002e5bb7ecb248661aa4242bf773d8a

MD5

e6f3897b738846eb3d58ecd0677668ef

Filesize

631KB

Score
10 /10
SHA1

d558f3aafcba39e5c568df3d26bed75d4e4fc335

SHA256

bbb52fa71217c68368d6b4d021227e325002e5bb7ecb248661aa4242bf773d8a

SHA512

b31b2efcdbff1ed82919d8e169a5ab5a180c9ca225fa55de6c35958154c1f075c21e787a59bb821cd66f403a358f70f619efaaf9da2dda327a4b7adf22487cd0

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Description

    suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Tags

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Description

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation