General

Target: SkyBlade.zip
Size: 3MB
Sample: 220414-q27ymaeea4
Score: 10/10
MD5: 05db414a0e7a3cc7e576bc00af2c7f18
SHA1: dc898d3d96066ca8ef27f9673dcfe212b61bb9e8
SHA256: 63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77
SHA512: 1e218ed7efe1a49732336f8d156613e738e0b7f6cc6a65f54544051639df094b64cb5b3cd3013329e92dfb77f47a5c7dce08acf9a317809cc9c245f3db3ba8de

Malware Config

Extracted

Family: redline
Botnet: 1
C2: 65.108.41.163:38151

Attributes
auth_value: 95517c2a2f56575288c35d9dfde4a6aa
Targets

Target: SkyBlade.zip
MD5: 05db414a0e7a3cc7e576bc00af2c7f18
Filesize: 3MB
Score: 10/10
SHA1: dc898d3d96066ca8ef27f9673dcfe212b61bb9e8
SHA256: 63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77
SHA512: 1e218ed7efe1a49732336f8d156613e738e0b7f6cc6a65f54544051639df094b64cb5b3cd3013329e92dfb77f47a5c7dce08acf9a317809cc9c245f3db3ba8de

Signatures

  • Meta Stealer Stealer
    Description: Meta Stealer steals passwords stored in browsers, written in C++.

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Executes dropped EXE

  • Modifies Installed Components in the registry
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Enumerates connected drives
    Description: Attempts to read the root path of hard drives other than the default C: drive.
    TTPs: Query Registry; Peripheral Device Discovery; System Information Discovery

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1
Score: N/A