General

  • Target

    Camtasia.exe

  • Size

    701.0MB

  • Sample

    230303-vtvqjsaf48

  • MD5

    3edabce0833a1fe15dcf374c29ad293e

  • SHA1

    68aec7add651fcb8597a0b5e5943b9bc460e4875

  • SHA256

    bc0c6f3edcce5f2b15ce4c6f1dbb391c8379693ddf7532462f33857eb6f0ffbd

  • SHA512

    1f34ff99afd072fea608cc52887f1d11726bf02c043d76cee24403a6f4bfa18e9ef7bbe916a31dae5600a5e9fa0785bd48836788306f4211dd24096b9e2a58db

  • SSDEEP

    3072:q1/3moQkgU0CwlvwReBFpkVLSYrVEWYw+QeTOUD69qjiwcI/s2o7Pn9SgOStEWLU:yWxNv+eyOq+JTDaq2Jf2mnAgNfSVLD

Malware Config

Extracted

Family

redline

Botnet

yt

C2

65.109.139.121:28859

Attributes
  • auth_value

    c85b149d6d3359b3fe4dd1dfcc5864e8
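The extracted config above gives an analyst two things to act on right away: a C2 socket (65.109.139.121:28859) and a set of file hashes. As an added example (not part of this sandbox report, and not RedLine's own code), the Python below turns those into reusable detection checks: a Suricata rule for outbound traffic to the C2 ip:port, a scan over Zeek-style conn.log lines that separates exact ip:port hits from IP-only hits (a port change by the operator would otherwise be missed), and a SHA-256 lookup. The conn.log lines, the rule sid and the simplified column layout are constructed for illustration; only the IP, port, botnet id, auth_value and SHA-256 come from the report.

```python
"""Reusable checks built from the RedLine config and hashes in this report.
Added example: indicator values are copied from the report; the log format,
sample log lines and rule sid below are assumptions made for illustration."""
import ipaddress
import re

# Indicators copied from the report above.
C2_IP = "65.109.139.121"
C2_PORT = 28859
BOTNET = "yt"
AUTH_VALUE = "c85b149d6d3359b3fe4dd1dfcc5864e8"
SAMPLE_SHA256 = "bc0c6f3edcce5f2b15ce4c6f1dbb391c8379693ddf7532462f33857eb6f0ffbd"

# Assumed: a sid in Suricata's local range; choose one that fits your ruleset.
LOCAL_SID = 1000001


def validate_indicators(ip=C2_IP, port=C2_PORT, sha256=SAMPLE_SHA256,
                        auth_value=AUTH_VALUE):
    """Sanity-check the extracted values before they are pushed into tooling.
    A mistyped hash or IP silently produces a rule that never fires."""
    ipaddress.ip_address(ip)                      # raises on a malformed IP
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if not re.fullmatch(r"[0-9a-f]{64}", sha256):
        raise ValueError("SHA-256 must be 64 lowercase hex chars")
    if not re.fullmatch(r"[0-9a-f]{32}", auth_value):
        raise ValueError("auth_value must be 32 lowercase hex chars")
    return True


def build_suricata_rule(ip=C2_IP, port=C2_PORT, sid=LOCAL_SID):
    """Emit a Suricata rule for outbound flows to the C2. The report gives a
    bare ip:port, so the rule keys on destination address and port only."""
    validate_indicators(ip=ip, port=port)
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"RedLine Stealer C2 (botnet {BOTNET})"; flow:to_server; '
        f"metadata:botnet {BOTNET}, auth_value {AUTH_VALUE}; "
        f"sid:{sid}; rev:1;)"
    )


# Constructed sample, Zeek-like conn.log reduced to seven tab-separated
# columns: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
CONSTRUCTED_CONN_LOG = """\
1677850001.123\tCxk1a\t10.0.0.15\t51234\t65.109.139.121\t28859\ttcp
1677850002.456\tCxk1b\t10.0.0.15\t51235\t142.250.74.46\t443\ttcp
1677850003.789\tCxk1c\t10.0.0.22\t51300\t65.109.139.121\t443\ttcp
1677850004.000\tCxk1d\t10.0.0.31\t51400\t65.109.139.121\t28859\ttcp
"""


def find_c2_connections(conn_log, ip=C2_IP, port=C2_PORT):
    """Return two lists of (orig_host, uid): flows to the exact C2 ip:port,
    and flows to the C2 IP on a different port. The second list is kept
    separate so an analyst can judge whether the operator rotated ports
    instead of the hit being thrown away by an ip:port-only match."""
    exact, ip_only = [], []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = line.split("\t")
        if resp_h != ip:
            continue
        (exact if int(resp_p) == port else ip_only).append((orig_h, uid))
    return exact, ip_only


def hash_hits(candidate_hashes, sha256=SAMPLE_SHA256):
    """Case-insensitive match of candidate SHA-256 strings (e.g. from an EDR
    export) against the sample's hash; returns the matching inputs as given."""
    return [h for h in candidate_hashes if h.strip().lower() == sha256]


if __name__ == "__main__":
    print(build_suricata_rule())
    exact, ip_only = find_c2_connections(CONSTRUCTED_CONN_LOG)
    print("exact C2 hits:", exact)
    print("C2 IP on other ports:", ip_only)
    print("hash hits:", hash_hits([SAMPLE_SHA256.upper(), "deadbeef"]))
```

The hash is only useful for this exact file; a recompiled or re-padded build will not match, which is why the network indicator and the behavioural signatures listed below carry more weight over time.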

Targets

    • Target

      Camtasia.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                     Count  ID
  Execution          Scripting                     1      T1064
  Defense Evasion    Scripting                     1      T1064
  Credential Access  Credentials in Files          1      T1081
  Discovery          Query Registry                1      T1012
  Discovery          System Information Discovery  2      T1082
  Collection         Data from Local System        1      T1005
