General

  • Target

    SecuriteInfo.com.Trojan.PWS.Steam.27776.32122.30617

  • Size

    939KB

  • Sample

    220415-d5by5sbger

  • MD5

    c7b2f2bf03dc91ffb2b9beab50aa5835

  • SHA1

    23c70b6de6c3a2958d1b0dc25b691106f215ac0f

  • SHA256

    e5bf5fad9a4c4d6351fc00763305c35419b1bbf9aef689973112fccdd289292f

  • SHA512

    dedc8b90306de0c0b1bfddd2f3a7a31a3c096e036a24e14794aa63dc8a40af8455110cc260ebb4651ee02c336eb9e04e99afd969e70341e2f3a770d744d86875

Malware Config

Targets

    • Meta Stealer

      Meta Stealer, written in C++, steals passwords stored in browsers.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks