metastealer | b5c4acf55126207efb15b26683b7c0817b32717bb497622999413e54d26f04ce | Triage

Sharing

General

Target

b5c4acf55126207efb15b26683b7c0817b32717bb4976.exe
Size

634KB
Sample

220415-bkhj3sahf4
MD5

e8a57951fb4a981c29177e678a4d69e0
SHA1

9f088792cb02b9f31b57fe7a82f1a34e49c4c376
SHA256

b5c4acf55126207efb15b26683b7c0817b32717bb497622999413e54d26f04ce
SHA512

d62e6a4f5ca2addd81973002bc664b80dab664b444810110fba9062c20f77f68620d84dbacc30678bf25d85e6364aea7c1e63569225587d704f8631958fecc5a

Score

10^/10

metastealer redline mix15.04 discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

mix15.04

C2

185.215.113.70:12189

Attributes

auth_value
7be339254ae826f7fe03de06dd444581

Targets

- Target
  
  b5c4acf55126207efb15b26683b7c0817b32717bb4976.exe
- Size
  
  634KB
- MD5
  
  e8a57951fb4a981c29177e678a4d69e0
- SHA1
  
  9f088792cb02b9f31b57fe7a82f1a34e49c4c376
- SHA256
  
  b5c4acf55126207efb15b26683b7c0817b32717bb497622999413e54d26f04ce
- SHA512
  
  d62e6a4f5ca2addd81973002bc664b80dab664b444810110fba9062c20f77f68620d84dbacc30678bf25d85e6364aea7c1e63569225587d704f8631958fecc5a
Score

10^/10

redline mix15.04 discovery infostealer spyware stealer metastealer
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemix15.04discoveryinfostealerspywarestealer

behavioral2

metastealerdiscoveryspywarestealer