General
Target

MVPInstaller.exe

Size

255KB

Sample

220429-qee94aaeg4

Score
10/10
MD5

883eb374a6710283bab49bd840d911c7

SHA1

29416739657f2d2b7a900dca6ddeda755852818e

SHA256

24bde190edd5fda4b47d376abef29d385d655c11ccfdeb314ffced065675cad4

SHA512

b2a159e495624cee478be7d3ff409c9d89eb6e8cb021904ab302df4910874013a305ea10100fae12685d8fc0694d84c553e4f61a194498fd0d5ee2bf6cc5527d

Malware Config

Extracted

Family

redline

Botnet

1

C2

116.202.19.253:30602

Attributes
auth_value
da0d7d77d8ec04c55cc5ace3d9113a5c
Targets
Target

MVPInstaller.exe

MD5

883eb374a6710283bab49bd840d911c7

Filesize

255KB

Score
10/10
SHA1

29416739657f2d2b7a900dca6ddeda755852818e

SHA256

24bde190edd5fda4b47d376abef29d385d655c11ccfdeb314ffced065675cad4

SHA512

b2a159e495624cee478be7d3ff409c9d89eb6e8cb021904ab302df4910874013a305ea10100fae12685d8fc0694d84c553e4f61a194498fd0d5ee2bf6cc5527d

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A