Overview

overview

10

Static

static

3

a53d95ad10...f7.exe

windows7-x64

10

a53d95ad10...f7.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    a53d95ad10e6424ecc57b91e6bcd73f7.exe

  • Size

    760KB

  • Sample

    230527-rrt5fsce7y

  • MD5

    a53d95ad10e6424ecc57b91e6bcd73f7

  • SHA1

    d0efd476a4f78240bb829ed74aa3fd0e7afcd64f

  • SHA256

    612a40afbbc2d8ef6c3625a74b339ed2da36480433e099a0461aa1c5dd569028

  • SHA512

    af9e4650c470244834c9461d62a31bb0aeb6520186ef787493b155283fdeac1e59f7133abaf7da52e09be0db6afdc1271a57140c8c47dff807c121d262750aa4

  • SSDEEP

    12288:tMrty90v2AzIfELXj2PQpxMlfPErp6IqTvoTJejUnQlm35M6hUp85TDE20gHr4z/:syFAzYEWPFleYIqgJejfw5h75TY20gLM

Score
10/10
redlinedusamundermusadiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

musa

C2

83.97.73.127:19062

Attributes
  • auth_value

    745cd242a52ab79c9c9026155d62f359

Extracted

Family

redline

Botnet

munder

C2

83.97.73.127:19062

Attributes
  • auth_value

    159bf350f6393f0d879c80a22059fba2

Extracted

Family

redline

Botnet

dusa

C2

83.97.73.127:19062

Attributes
  • auth_value

    ee896466545fedf9de5406175fb82de5

Targets

    • Target

      a53d95ad10e6424ecc57b91e6bcd73f7.exe

    • Size

      760KB

    • MD5

      a53d95ad10e6424ecc57b91e6bcd73f7

    • SHA1

      d0efd476a4f78240bb829ed74aa3fd0e7afcd64f

    • SHA256

      612a40afbbc2d8ef6c3625a74b339ed2da36480433e099a0461aa1c5dd569028

    • SHA512

      af9e4650c470244834c9461d62a31bb0aeb6520186ef787493b155283fdeac1e59f7133abaf7da52e09be0db6afdc1271a57140c8c47dff807c121d262750aa4

    • SSDEEP

      12288:tMrty90v2AzIfELXj2PQpxMlfPErp6IqTvoTJejUnQlm35M6hUp85TDE20gHr4z/:syFAzYEWPFleYIqgJejfw5h75TY20gLM

    Score
    10/10
    redlinedusamundermusadiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks