Overview

overview

10

Static

static

SecuriteIn...92.exe

windows7_x64

10

SecuriteIn...92.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Variant.Ursu.588815.10992.20911

  • Size

    525KB

  • Sample

    220706-lzje2abdem

  • MD5

    15f43d61bee241657b1ad10d6aa11e57

  • SHA1

    83e96ecb233bd270b4f002c55aa28e92306650ef

  • SHA256

    538e65ae9a73e15bd98c8fd0b5ecce5aaecdeb5e36a12a416a56a78c3cfbb3c8

  • SHA512

    0e8a516e1439ec1a871d2afba0140a38f2ac8f4f13ad2283d334edf01537aa147023abf81957118b347c7634a05651fb26177e634ba8882d79c35754cfac9e5a

Score
10/10
redlinewizzyinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

wizzy

C2

107.182.128.57:48273

Targets

    • Target

      SecuriteInfo.com.Variant.Ursu.588815.10992.20911

    • Size

      525KB

    • MD5

      15f43d61bee241657b1ad10d6aa11e57

    • SHA1

      83e96ecb233bd270b4f002c55aa28e92306650ef

    • SHA256

      538e65ae9a73e15bd98c8fd0b5ecce5aaecdeb5e36a12a416a56a78c3cfbb3c8

    • SHA512

      0e8a516e1439ec1a871d2afba0140a38f2ac8f4f13ad2283d334edf01537aa147023abf81957118b347c7634a05651fb26177e634ba8882d79c35754cfac9e5a

    Score
    10/10
    redlinewizzyinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks