исходник.exe

General

Target: исходник.exe
Size: 2MB
Sample: 220127-vd64msgafn
Score: 10/10
MD5: cb267c252a42ed8e1de90463e2ab4013
SHA1: fcfc74cfc893c4b454cfcc190a51fc9e9b6b265b
SHA256: 1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0
SHA512: ece505a79a2e2b84b731ece8024e37f4da579f6af1555ad6ae2088c5fe4c5884819e64a4ca7b42fcee464912179e88a9782566cf5f2ff18f9bf63121e5045b01

Malware Config

Extracted

Family: redline
Botnet: sapphire
C2: 185.230.143.237:2548

Targets

Target: исходник.exe
Signatures

  • Echelon
    Description: Echelon is a .NET stealer that targets passwords from browsers, email and cryptocurrency clients.

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

  • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

  • Executes dropped EXE

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix

Columns: Command and Control | Credential Access | Defense Evasion | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

static1

behavioral1

6/10