d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5

General
Target

d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5

Size

663KB

Sample

211125-tz7fvsfgdj

Score
10 /10
MD5

2d989b36edf9695b6f0e10fc9b59b959

SHA1

d42debaac744da4e595741c57a3e5111b955b346

SHA256

d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5

SHA512

499d9a4ea7a1daa82eeeeefc7e8d4a8fe2178abfcf7987141f4473611c28d0862424bacc157ce3b8ada79d7bc3aef82f4821cf26ee9ce6168b55943b8f0118ff

Malware Config

Extracted

Family redline
Botnet 25.11
C2

185.215.113.17:7700

Targets
Target

d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5

MD5

2d989b36edf9695b6f0e10fc9b59b959

Filesize

663KB

Score
10 /10
SHA1

d42debaac744da4e595741c57a3e5111b955b346

SHA256

d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5

SHA512

499d9a4ea7a1daa82eeeeefc7e8d4a8fe2178abfcf7987141f4473611c28d0862424bacc157ce3b8ada79d7bc3aef82f4821cf26ee9ce6168b55943b8f0118ff

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Description

    suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    Tags

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Description

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation