metastealer | 63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77 | Triage

Submit
Reports

Overview

overview

Static

static

SkyBlade.zip

windows10-2004_x64

Resubmissions

14-04-2022 13:46

220414-q27ymaeea4 10

Sharing

General

Target

SkyBlade.zip
Size

3.3MB
Sample

220414-q27ymaeea4
MD5

05db414a0e7a3cc7e576bc00af2c7f18
SHA1

dc898d3d96066ca8ef27f9673dcfe212b61bb9e8
SHA256

63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77
SHA512

1e218ed7efe1a49732336f8d156613e738e0b7f6cc6a65f54544051639df094b64cb5b3cd3013329e92dfb77f47a5c7dce08acf9a317809cc9c245f3db3ba8de

Score

10^/10

metastealer redline 1 infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SkyBlade.zip

Resource

win10v2004-20220331-en

metastealer redline 1 infostealer persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

65.108.41.163:38151

Attributes

auth_value
95517c2a2f56575288c35d9dfde4a6aa

Targets

- Target
  
  SkyBlade.zip
- Size
  
  3.3MB
- MD5
  
  05db414a0e7a3cc7e576bc00af2c7f18
- SHA1
  
  dc898d3d96066ca8ef27f9673dcfe212b61bb9e8
- SHA256
  
  63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77
- SHA512
  
  1e218ed7efe1a49732336f8d156613e738e0b7f6cc6a65f54544051639df094b64cb5b3cd3013329e92dfb77f47a5c7dce08acf9a317809cc9c245f3db3ba8de
Score

10^/10

metastealer redline 1 infostealer persistence spyware stealer
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metastealerredline1infostealerpersistencespywarestealer

© 2018-2025

Terms | Privacy