Overview

overview

10

Static

static

tmp77EA.tmp.exe

windows7-x64

10

tmp77EA.tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp77EA.tmp.exe

  • Size

    2.3MB

  • Sample

    230126-1m1k4sfe99

  • MD5

    1d85c4d35f557fbbde158258300b753f

  • SHA1

    1a0f596ee4f5abdb3dc3bad8a1247625fce982ea

  • SHA256

    36ccb94aa071489c4f03b72cd09c2560e40d66e541e006b5f6ca1b6e84ef2e1a

  • SHA512

    09aa7748f392dd2104672e4f774d717298659bb6df21db51de8455e01dba0ee0d5761ecf7cf5bd24eaae80943b91ed4ab189d1e1a0df9621636bb33a2e2cdd52

  • SSDEEP

    49152:Vg9FpS1fbJT9VhpwKxh5ors6lz1u1M6s1V2hcCudLP1FqDfk:S9FpYJT9pw+2sMz1u1M6s/2HIPjqDc

Score
10/10
purecrypterredlineredlinediscoverydownloaderinfostealerloaderspywarestealer

Malware Config

Extracted

Family

redline

Botnet

redline

C2

79.137.133.225:25999

Attributes
  • auth_value

    38284dbf15da9b4a9eaee0ef0d2b343f

Targets

    • Target

      tmp77EA.tmp.exe

    • Size

      2.3MB

    • MD5

      1d85c4d35f557fbbde158258300b753f

    • SHA1

      1a0f596ee4f5abdb3dc3bad8a1247625fce982ea

    • SHA256

      36ccb94aa071489c4f03b72cd09c2560e40d66e541e006b5f6ca1b6e84ef2e1a

    • SHA512

      09aa7748f392dd2104672e4f774d717298659bb6df21db51de8455e01dba0ee0d5761ecf7cf5bd24eaae80943b91ed4ab189d1e1a0df9621636bb33a2e2cdd52

    • SSDEEP

      49152:Vg9FpS1fbJT9VhpwKxh5ors6lz1u1M6s1V2hcCudLP1FqDfk:S9FpYJT9pw+2sMz1u1M6s/2HIPjqDc

    Score
    10/10
    purecrypterredlineredlinediscoverydownloaderinfostealerloaderspywarestealer

    • Detect PureCrypter injector

      loader

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

      loaderdownloaderpurecrypter

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks