Resubmissions

  • 14-04-2022 13:46, 220414-q27ymaeea4 (score 10)

General

  • Target

    SkyBlade.zip

  • Size

    3.3MB

  • Sample

    220414-q27ymaeea4

  • MD5

    05db414a0e7a3cc7e576bc00af2c7f18

  • SHA1

    dc898d3d96066ca8ef27f9673dcfe212b61bb9e8

  • SHA256

    63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77

  • SHA512

    1e218ed7efe1a49732336f8d156613e738e0b7f6cc6a65f54544051639df094b64cb5b3cd3013329e92dfb77f47a5c7dce08acf9a317809cc9c245f3db3ba8de

Malware Config

Extracted

Family

redline

Botnet

1

C2

65.108.41.163:38151

Attributes
  • auth_value

    95517c2a2f56575288c35d9dfde4a6aa

Targets

    • Meta Stealer

      Meta Stealer is a credential stealer written in C++ that harvests passwords stored in browsers.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext
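The extracted config (C2 65.108.41.163:38151, sample hashes) and the persistence signatures above are the parts of this report a defender can turn into detection logic directly. The following is an added example, not code from the report or from Triage: a small IOC matcher that takes Sysmon-style event records and flags the sample's hashes, connections to the C2 host, and writes under the Run/RunOnce and Active Setup "Installed Components" registry keys (the mapping of those keys to the report's persistence signatures is an assumption). The event records are constructed; hostnames, paths, PIDs and the SID are hypothetical.

```python
import re

# --- Indicators taken from the report above ----------------------------------
SAMPLE_HASHES = {
    "md5": "05db414a0e7a3cc7e576bc00af2c7f18",
    "sha1": "dc898d3d96066ca8ef27f9673dcfe212b61bb9e8",
    "sha256": "63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77",
}
C2_IP = "65.108.41.163"
C2_PORT = 38151

# Registry paths assumed to sit behind the report's persistence signatures:
# Run/RunOnce keys (T1060 in the v6 mapping) and Active Setup Installed Components.
PERSISTENCE_KEY_RE = re.compile(
    r"\\CurrentVersion\\Run(Once)?\\|\\Active Setup\\Installed Components\\",
    re.IGNORECASE,
)


def parse_hashes(field: str) -> dict:
    """Parse a Sysmon-style 'MD5=...,SHA256=...' field into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(ev: dict) -> list:
    """Return the IOC hits for one event (empty list means no hit)."""
    hits = []
    # File/process hashes: Sysmon uses 'Hashes' (event 1) or 'Hash' (event 15).
    for algo, value in parse_hashes(ev.get("Hashes") or ev.get("Hash") or "").items():
        if SAMPLE_HASHES.get(algo) == value:
            hits.append(f"sample_hash:{algo}")
    # Network connection (event 3) to the C2 host; a different port is weaker but still notable.
    if ev.get("EventID") == 3 and ev.get("DestinationIp") == C2_IP:
        if int(ev.get("DestinationPort", -1)) == C2_PORT:
            hits.append("c2_ip_port")
        else:
            hits.append("c2_ip_other_port")
    # Registry value set (event 13) under a persistence key.
    if ev.get("EventID") == 13 and PERSISTENCE_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append("registry_persistence")
    return hits


def scan(events) -> list:
    """Run match_event over a list of events; returns [(event_index, hit), ...]."""
    return [(i, hit) for i, ev in enumerate(events) for hit in match_event(ev)]


# Constructed events (not real telemetry) in the shape Sysmon emits.
SAMPLE_EVENTS = [
    {"EventID": 15, "TargetFilename": r"C:\Users\alice\Downloads\SkyBlade.zip",
     "Hash": "MD5=" + SAMPLE_HASHES["md5"].upper() + ",SHA256=" + SAMPLE_HASHES["sha256"].upper()},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Local\Temp\SkyBlade.exe",
     "DestinationIp": "65.108.41.163", "DestinationPort": 38151},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "65.108.41.163", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\SkyBlade.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\SkyBlade",
     "Details": r"C:\Users\alice\AppData\Roaming\SkyBlade.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {hit}")
```

The hash match is the most fragile indicator (a repacked archive changes it); the C2 address and the Run-key write survive trivial repacking and are the hits worth alerting on first.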

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1 matching signature
  • Defense Evasion: Modify Registry (T1112), 2 matching signatures
  • Credential Access: Credentials in Files (T1081), 1 matching signature
  • Discovery: Query Registry (T1012), 3 matching signatures; Peripheral Device Discovery (T1120), 2 matching signatures; System Information Discovery (T1082), 4 matching signatures
  • Collection: Data from Local System (T1005), 1 matching signature

The technique IDs follow ATT&CK v6. In current ATT&CK versions T1060 has been replaced by T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1081 by T1552.001 (Unsecured Credentials: Credentials In Files); the remaining IDs are unchanged.
