a5cbe2db9201e14b3f2b9997878351e28e3b51443e9410c2e680bb814c07befe

General
Target

a5cbe2db9201e14b3f2b9997878351e28e3b51443e9410c2e680bb814c07befe

Size

631KB

Sample

211021-z4v7aabfel

Score
10 /10
MD5

bd70b2d9fe9a7f840a9923c096d32251

SHA1

e5c61c8d88f5d9515f0f1b20cb56708d82fa60e9

SHA256

a5cbe2db9201e14b3f2b9997878351e28e3b51443e9410c2e680bb814c07befe

SHA512

41a2c3931bf508732a59162258324b9cf0c96c5b6ee780a707e23baeda181331a4d036d8e5082abb1e6e5202c46a6b2257db9339580e3c5a966a08596024d391

Malware Config

Extracted

Family redline
Botnet 22.10
C2

185.215.113.17:7700

Targets
Target

a5cbe2db9201e14b3f2b9997878351e28e3b51443e9410c2e680bb814c07befe

MD5

bd70b2d9fe9a7f840a9923c096d32251

Filesize

631KB

Score
10/10
SHA1

e5c61c8d88f5d9515f0f1b20cb56708d82fa60e9

SHA256

a5cbe2db9201e14b3f2b9997878351e28e3b51443e9410c2e680bb814c07befe

SHA512

41a2c3931bf508732a59162258324b9cf0c96c5b6ee780a707e23baeda181331a4d036d8e5082abb1e6e5202c46a6b2257db9339580e3c5a966a08596024d391

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Description

    suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Tags

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Description

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation