17d101ce845ce89dc1a9832afd7d73e3db53ff0c19189066ad5d1a04d2ace034

General
Target

17d101ce845ce89dc1a9832afd7d73e3db53ff0c19189066ad5d1a04d2ace034

Size

631KB

Sample

211021-zj8a4sbfdk

Score
10 /10
MD5

f1a3309661292fc72977ada6b090c37c

SHA1

d64a3750da95bd55dd6f381cbb1301212be19e33

SHA256

17d101ce845ce89dc1a9832afd7d73e3db53ff0c19189066ad5d1a04d2ace034

SHA512

d1bd743c72e09ea0289233effcaf2d929fc84e3006d53f96b07d0e6dfc0b3a92234af0406dc2ad396cddd0e859d5c5afe10253bb6c3881e3a02743f684da8180

Malware Config

Extracted

Family redline
Botnet mix22.10
C2

185.215.113.15:21508

Targets
Target

17d101ce845ce89dc1a9832afd7d73e3db53ff0c19189066ad5d1a04d2ace034

MD5

f1a3309661292fc72977ada6b090c37c

Filesize

631KB

Score
10/10
SHA1

d64a3750da95bd55dd6f381cbb1301212be19e33

SHA256

17d101ce845ce89dc1a9832afd7d73e3db53ff0c19189066ad5d1a04d2ace034

SHA512

d1bd743c72e09ea0289233effcaf2d929fc84e3006d53f96b07d0e6dfc0b3a92234af0406dc2ad396cddd0e859d5c5afe10253bb6c3881e3a02743f684da8180

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Description

    suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Tags

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Description

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation