1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

General
Target

1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

Size

664KB

Sample

211125-t9kpvafgfr

Score
10 /10
MD5

cfaa5e874a19d53d5ce7a891b19ac118

SHA1

ccba32b8db6ee40aa674aca6873d114f568dac88

SHA256

1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

SHA512

e856a90977178d1fc19aa9d7e567559a92ff0aed60885bc9d382814d8c10189c55c28ed28423604e0dd2cf6eac8d3b4975b4bee190672ed4a5bc3172d0c6927c

Malware Config

Extracted

Family redline
Botnet 25.11
C2

185.215.113.17:7700

Targets
Target

1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

MD5

cfaa5e874a19d53d5ce7a891b19ac118

Filesize

664KB

Score
10 /10
SHA1

ccba32b8db6ee40aa674aca6873d114f568dac88

SHA256

1629cb05e979808c783e15af81a402b56806c7354ad6d40ad25ece9b91b05353

SHA512

e856a90977178d1fc19aa9d7e567559a92ff0aed60885bc9d382814d8c10189c55c28ed28423604e0dd2cf6eac8d3b4975b4bee190672ed4a5bc3172d0c6927c

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Description

    suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Tags

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Description

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation