metastealer | 2c047c4411660565df6518a63bb51220e78a0b51fecdc0c746b270597377669e | Triage

Sharing

General

Target

4407a748e233449d07c814035d0e56db.exe
Size

1.9MB
Sample

220414-n316csaeg9
MD5

4407a748e233449d07c814035d0e56db
SHA1

1dbc95d08dbae1fc1d6e6a4e2f87581ff25c7ec0
SHA256

2c047c4411660565df6518a63bb51220e78a0b51fecdc0c746b270597377669e
SHA512

e50f350f04a15d9391231a7a61b4c61eaa3c3e8518bd48a9dde2fb63fec873b861e147982764308e9f7daca3d3f40f4ca2256cd6defeb304b9cde073a820fbb4

Score

10^/10

metastealer redline @ansdvsvsvd infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@ansdvsvsvd

C2

46.8.220.88:65531

Attributes

auth_value
d7b874c6650abbcb219b4f56f4676fee

Targets

- Target
  
  4407a748e233449d07c814035d0e56db.exe
- Size
  
  1.9MB
- MD5
  
  4407a748e233449d07c814035d0e56db
- SHA1
  
  1dbc95d08dbae1fc1d6e6a4e2f87581ff25c7ec0
- SHA256
  
  2c047c4411660565df6518a63bb51220e78a0b51fecdc0c746b270597377669e
- SHA512
  
  e50f350f04a15d9391231a7a61b4c61eaa3c3e8518bd48a9dde2fb63fec873b861e147982764308e9f7daca3d3f40f4ca2256cd6defeb304b9cde073a820fbb4
Score

10^/10

metastealer redline @ansdvsvsvd infostealer spyware stealer
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metastealerredline@ansdvsvsvdinfostealerspywarestealer