metastealer | 98fea55f7585644b6f43651491e22f91fd57a1b99c4320c11a0f67ce7c486885 | Triage

Submit
Reports

Overview

overview

Static

static

a410935df7...7c.exe

windows7_x64

a410935df7...7c.exe

windows10-2004_x64

Sharing

General

Target

a410935df72f79ea065d92b0036b287c.exe
Size

4.5MB
Sample

220414-slqqhsdbeq
MD5

a410935df72f79ea065d92b0036b287c
SHA1

28465a4ab42d116fe260e103557b60dca92e02ce
SHA256

98fea55f7585644b6f43651491e22f91fd57a1b99c4320c11a0f67ce7c486885
SHA512

359f3c9af3a2968a0be4952bc2b286db670e546ac0232a0c0ac6fe39347c485e1ac140755be5c9e45606f5a02354802b1a6699bccf6e56ad1435105471c6d03d

Score

10^/10

metastealer redline 10 evasion infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a410935df72f79ea065d92b0036b287c.exe

Resource

win7-20220331-en

redline 10 evasion infostealer spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a410935df72f79ea065d92b0036b287c.exe

Resource

win10v2004-20220310-en

metastealer redline 10 evasion infostealer spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

10

C2

185.183.32.227:80

Attributes

auth_value
187348b4b0ba6b71d26eaf47eb720dc2

Targets

- Target
  
  a410935df72f79ea065d92b0036b287c.exe
- Size
  
  4.5MB
- MD5
  
  a410935df72f79ea065d92b0036b287c
- SHA1
  
  28465a4ab42d116fe260e103557b60dca92e02ce
- SHA256
  
  98fea55f7585644b6f43651491e22f91fd57a1b99c4320c11a0f67ce7c486885
- SHA512
  
  359f3c9af3a2968a0be4952bc2b286db670e546ac0232a0c0ac6fe39347c485e1ac140755be5c9e45606f5a02354802b1a6699bccf6e56ad1435105471c6d03d
Score

10^/10

redline 10 evasion infostealer spyware trojan metastealer stealer
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline10evasioninfostealerspywaretrojan

behavioral2

metastealerredline10evasioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy