General

  • Target

    e890bc718287c87a17c32225b95670e705cc8c08

  • Size

    5.6MB

  • Sample

    230102-xlwc8aaf3z

  • MD5

    0c9c54b7c195951728a0056e47c4c393

  • SHA1

    e890bc718287c87a17c32225b95670e705cc8c08

  • SHA256

    1253b079eef10de19525810e57c5f66b9cdef8b81879d3d49b4cbe9fe6b8167f

  • SHA512

    650160b1185da671254780f9dddb846f83d99893b402d37b4875e9b48369f8ca25b1e5f043199277fb4f49a01e8b57593c838e658a9a4c7dc50240b964be0806

  • SSDEEP

    98304:WWw7C2UIvpOYwBiElQmcSVzn0cLYCpAFxTaZL+UYN+y4r:Wd7C2UI/wvQ6Vzn/YCp/4N+y4r

Malware Config

Extracted

Family

redline

Botnet

UniverseCity100

C2

80.89.228.168:5007

Attributes
  • auth_value

    a16f64012f1825f5b9cc033dc35b580f

Targets

    • Target

      UniverseCity.exe

    • Size

      816.3MB

    • MD5

      9292518dbea741c7ef6b0e4dd46d7692

    • SHA1

      c30e4be196eceff64068ac026e6a462748f1ceb2

    • SHA256

      83974beea0b42d1473dfd2d9ce8c60818f94bf356fa8d3b9bba836963b530985

    • SHA512

      d0f9ffc262754357e349f1bb9736e3a7e9e006740c83a0c79b91fc218e5d1486d53eadc524f2829bdfa6145ac7cd907bea5c669d1bf0b5cca7afac93fd5c8e00

    • SSDEEP

      98304:4w6Tks8Ip9y88/gE1k8cIjNnoeXsU11HK3rt2avguB4et/vEw4KLOqcCLj1J1cNE:47Tks8I78bkKjNnjsU11g

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
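The indicators above (the extracted RedLine config with its C2 socket, botnet ID and auth_value, plus the SHA256 of the parent sample and of UniverseCity.exe) can be turned into a small detection and triage helper. The block below is an added example written for this page, not code from the sandbox or from the malware; the log lines it scans are constructed here to exercise the matcher, and the Suricata rule's sid is an arbitrary value in the local range, chosen as an assumption for the example. Because the report lists the parent sample at 5.6MB but the extracted UniverseCity.exe at 816.3MB, the hashing helper reads in fixed-size chunks instead of loading the whole file into memory.

```python
"""IOC matching for the RedLine sample described on this page (example code)."""
import hashlib
import io
import re

# Indicators copied from the report above.
REDLINE_C2 = ("80.89.228.168", 5007)
REDLINE_BOTNET = "UniverseCity100"
REDLINE_AUTH_VALUE = "a16f64012f1825f5b9cc033dc35b580f"
KNOWN_SHA256 = {
    "1253b079eef10de19525810e57c5f66b9cdef8b81879d3d49b4cbe9fe6b8167f": "parent sample (5.6MB)",
    "83974beea0b42d1473dfd2d9ce8c60818f94bf356fa8d3b9bba836963b530985": "UniverseCity.exe (816.3MB)",
}

# Constructed firewall log lines for the demo; not taken from the page.
SAMPLE_LOG = """\
2023-01-02T10:15:01Z src=10.0.0.12 dst=80.89.228.168 dport=5007 proto=tcp
2023-01-02T10:15:03Z src=10.0.0.12 dst=80.89.228.168 dport=443 proto=tcp
2023-01-02T10:15:05Z src=10.0.0.7 dst=142.250.72.14 dport=443 proto=tcp
2023-01-02T10:15:09Z src=10.0.0.31 dst=80.89.228.168 dport=5007 proto=tcp
"""

# Assumed key=value log layout for the constructed lines above.
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def find_c2_connections(log_text, c2=REDLINE_C2):
    """Return the source hosts that connected to the C2 host on the C2 port.

    Both host and port must match: the same host on another port is not
    counted, so the returned list is the set of machines worth isolating.
    """
    host, port = c2
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m["dst"] == host and int(m["dport"]) == port:
            hits.append(m["src"])
    return hits


def sha256_stream(fp, chunk_size=1 << 20):
    """SHA256 of a file-like object, read in chunks (needed for 800MB+ files)."""
    h = hashlib.sha256()
    while True:
        chunk = fp.read(chunk_size)
        if not chunk:
            break
        h.update(chunk)
    return h.hexdigest()


def sha256_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper so in-memory data goes through the chunked path."""
    return sha256_stream(io.BytesIO(data), chunk_size)


def match_known_hash(hexdigest, known=KNOWN_SHA256):
    """Label for a known-bad SHA256, or None. Exact match only: any change to
    the file (re-padding, re-packing) defeats this, so pair it with the
    network indicator rather than relying on hashes alone."""
    return known.get(hexdigest.lower())


def suricata_rule(c2=REDLINE_C2, botnet=REDLINE_BOTNET, sid=1000001):
    """Build a Suricata alert for outbound traffic to the extracted C2 socket.

    sid 1000001 is an assumed placeholder in the local rule range; pick one
    that does not collide with rules already deployed.
    """
    host, port = c2
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"RedLine Stealer C2 {botnet}"; flow:to_server; '
        f'sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    for src in find_c2_connections(SAMPLE_LOG):
        print("C2 contact from", src)
    print(suricata_rule())
```

Run it as a script to see which constructed hosts reached the C2 and the generated rule; in real use, point `sha256_stream` at an open file handle and `find_c2_connections` at exported firewall or proxy logs after adapting `LOG_RE` to their actual layout.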

MITRE ATT&CK Enterprise v6

Tasks