a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83

General

Target: a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83
Size: 632KB
Sample: 211021-xzebvsbfak
Score: 10/10
MD5: d29813a2b2564f30acf58849f526fde0
SHA1: 3c05bcd02cb3ef6c7d191abdb44da72f76abcb18
SHA256: a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83
SHA512: ef1fe1b41d06ae1d8c03df6b95af1ef6a2f1926d3aaecb7f73bddb99ce4284bffe41b08a070f95b712e56bbc4a7790995964d5dd686f6e794eb2a44940e9ce1d

Malware Config

Extracted

Family: redline
Botnet: 22.10
C2: 185.215.113.17:7700

Targets

Target: a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83
MD5: d29813a2b2564f30acf58849f526fde0
Filesize: 632KB
Score: 10/10
SHA1: 3c05bcd02cb3ef6c7d191abdb44da72f76abcb18
SHA256: a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83
SHA512: ef1fe1b41d06ae1d8c03df6b95af1ef6a2f1926d3aaecb7f73bddb99ce4284bffe41b08a070f95b712e56bbc4a7790995964d5dd686f6e794eb2a44940e9ce1d

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System
    Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System
    Credentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation