Overview

overview

10

Static

static

fcd520e66c...2e.exe

windows7-x64

10

fcd520e66c...2e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fcd520e66c1d5395d3d03dabd4f7f92e.exe

  • Size

    402KB

  • Sample

    221110-k2qrfsgec5

  • MD5

    fcd520e66c1d5395d3d03dabd4f7f92e

  • SHA1

    870348a40c0f06d6c222b8e0ffc4ddcad2e510bf

  • SHA256

    eba133e09515dd96cc878da6ef2e4d6728d0d263861fe8f55b31b27162b284ba

  • SHA512

    3077e64abe8bd542626b07c8147b76344f27105decd5125af1e36bd35a8598b456d09df4926a974e61adeeacf74c8eab1031677d25ca23152d5a346698e7a601

  • SSDEEP

    6144:F5aWaLr2KM18ijRjqaqnS5KIrqthzdKOJAkDHcM6++ra9n:iLOKM1t7qna7kqtkDI+6

Score
10/10
amadeyeternityredlinemaoredlinecollectiondiscoveryinfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

REDLINE

C2

80.66.87.60:80

Attributes
  • auth_value

    0031c8881e219bb78b7e6bf19f4b67c1

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Extracted

Family

redline

Botnet

mao

C2

77.73.134.251:4691

Attributes
  • auth_value

    a06897b11f5e600c4479f1b544acc337

Targets

    • Target

      fcd520e66c1d5395d3d03dabd4f7f92e.exe

    • Size

      402KB

    • MD5

      fcd520e66c1d5395d3d03dabd4f7f92e

    • SHA1

      870348a40c0f06d6c222b8e0ffc4ddcad2e510bf

    • SHA256

      eba133e09515dd96cc878da6ef2e4d6728d0d263861fe8f55b31b27162b284ba

    • SHA512

      3077e64abe8bd542626b07c8147b76344f27105decd5125af1e36bd35a8598b456d09df4926a974e61adeeacf74c8eab1031677d25ca23152d5a346698e7a601

    • SSDEEP

      6144:F5aWaLr2KM18ijRjqaqnS5KIrqthzdKOJAkDHcM6++ra9n:iLOKM1t7qna7kqtkDI+6

    Score
    10/10
    amadeyeternityredlinemaoredlinecollectiondiscoveryinfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detect Amadey credential stealer module

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

      eternity

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks