General

  • Target

    SoftwareSetupFile.zip

  • Size

    3.6MB

  • Sample

    230103-wvbjqscc66

  • MD5

    c5eb843a67ba2411ad4c33e5b665f1a0

  • SHA1

    3c409f1e2013bcce047c9100b40efd072622bbd2

  • SHA256

    662735f537c23f4f570b9018a69bcd5d9ca1c908ab5e390e90cfb08275107627

  • SHA512

    97b262208cc109b5656c3ac5dbaf7a7aa649e4c1cb85dcae3303d1be92e5083e14c1b3c0c916fc8ac03924fbc5ec7d7c7c27295f2c97c7d25e273d1308f15d39

  • SSDEEP

    98304:JBPd+DgsoHqzd6TdgzSWyagdbY120GrBa:5+UDKp6ZgrFgdM1Ea

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Meta

  • C2

    109.205.214.6:81

  • Attributes

    auth_value: ff920b9b3b34fa545260b11f0ece519d

Targets

    • Target

      SoftwareSetupFile.zip

    • Size

      3.6MB

    • MD5

      c5eb843a67ba2411ad4c33e5b665f1a0

    • SHA1

      3c409f1e2013bcce047c9100b40efd072622bbd2

    • SHA256

      662735f537c23f4f570b9018a69bcd5d9ca1c908ab5e390e90cfb08275107627

    • SHA512

      97b262208cc109b5656c3ac5dbaf7a7aa649e4c1cb85dcae3303d1be92e5083e14c1b3c0c916fc8ac03924fbc5ec7d7c7c27295f2c97c7d25e273d1308f15d39

    • SSDEEP

      98304:JBPd+DgsoHqzd6TdgzSWyagdbY120GrBa:5+UDKp6ZgrFgdM1Ea

    Score
    1/10
    • Target

      Privacy Policу/AppXRuntime.admx

    • Size

      3KB

    • MD5

      88d794ea092ef395433cfa321d06e5e4

    • SHA1

      f1f7c7dfbd04ac5a92cbde88bd4f087781d63c40

    • SHA256

      5afc969e4212a6511f307385c99b8868e8c873183dc271bbb95ba571b24eb53e

    • SHA512

      ebb770102b8202de4bb7319cbc2cda860e4de5d1e95f0fbef4d4890aa2b22cd48cf73909d028a37b507926b4fad573716fba16e50b8f9eca8d5feab00ac17cca

    Score
    1/10
    • Target

      Privacy Policу/AuditSettings.admx

    • Size

      1KB

    • MD5

      9a36a7410b4ef98b36da553e050b9788

    • SHA1

      4ba6e5225a7c5daf30f4947b9288b708e8e557e8

    • SHA256

      ebac316580540b7ee8e399f890470527e456f2c6a103fcc899f4b2442d8e69f7

    • SHA512

      7cd81f2bedde51bca3a1f5a0889870be71ef521e5c331f1c8ba4ce97bf604adfff6cafa0fe707ed55df62bc340c45baa189e3d07f20a466ee7254f3c6abe6b74

    Score
    1/10
    • Target

      Privacy Policу/en-US/DFS.adml

    • Size

      1KB

    • MD5

      59649458234fa8ec0fa1ccf6d1a1f000

    • SHA1

      fa84dc8c633ac66d93c2cc4ca82973690cc01b06

    • SHA256

      7c621bdfa9aafbb72c6e3eaa6bd9dadb9b87b76ff3085c3ab85f94a4ba74148b

    • SHA512

      3dac7345cdf6e474ec6550890d2581e97ceccbdf3d6da446d0b4051600b81e66725e20e3905fc8ed051e00ae74b7899ecec073c828e776fb664731218f88e528

    Score
    1/10
    • Target

      Privacy Policу/en-US/DWM.adml

    • Size

      4KB

    • MD5

      8c0c1f2ac3237b8aa71f88a5650c0e68

    • SHA1

      8a39fc535339841cc7573b1dcff729cec8e54114

    • SHA256

      844bf77e54e0c353537b0d1349f0173049dd36c0cb64eaee900663cd0a227ab4

    • SHA512

      c6f8ac395d011ec45ebf47812ebebf7e152db6a943566b744aa83b22529df07e3d0749d008b5f3a8a46953cccf39305966869e5efe502b1e727cf55ed7a05f4f

    • SSDEEP

      96:LeD5pm8i9yPYwH70day2JGkA5mZAOtfMtlV:E1i9Yn0zMA3G6

    Score
    1/10
    • Target

      Privacy Policу/en-US/DeviceInstallation.adml

    • Size

      20KB

    • MD5

      b0d80e37838946a958789511d6090800

    • SHA1

      e80ebc94d870b40e9925d9473e83438287a3df50

    • SHA256

      ead0368b0ab7404addc0b8bd016e04d43c7a1e370a2875a6785863a53cc94095

    • SHA512

      a13d7aa56fa39803b8cb441dd6907a0f06e2b89eb478b6c6d57687f0e154de44ef959411627c33d5652d096e439f6518c624a4f159189c8da7ad51370fb12ad3

    • SSDEEP

      384:/Zy2dT4b3O+5KeqO+cpm964BNLKsuV2r4tFHsAvRzw3g:/ZBub+EKebxpm97ODVy4rHb5EQ

    Score
    1/10
    • Target

      SoftwareSetuрFilе.exe

    • Size

      690.4MB

    • MD5

      95b35f12fb70251d52cc693e147133c0

    • SHA1

      1f8c5cc37c24f6ccec159de07edf3fc64104d66b

    • SHA256

      445990599534816991c6ccf1781763f855e1beff0f2d7f9305a95938edfafbcf

    • SHA512

      a4dfd8e2b3a513425c427f0b131b139e6ff7a69eabd2b2edfbea63a3ceafe54d06163a395e160b64c1e3a2406439637c8addd57e154b7b8050daf940afea0d40

    • SSDEEP

      49152:WmVlA7GqB6/KWpXeJpyYmJdIiDix/TYLAbJMZnMw2tNn1Or/GtXEJ+GRgD6Vk3j8:18Na5XeJQpU/sLAKnMwoyXsm

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry, T1112 (5)

  • Credential Access

    Credentials in Files, T1081 (2)

  • Discovery

    Query Registry, T1012 (2)
    System Information Discovery, T1082 (2)

  • Collection

    Data from Local System, T1005 (2)

  • Command and Control

    Web Service, T1102 (1)