Overview

overview

10

Static

static

10

3032-73-0x...ry.exe

windows7-x64

3032-73-0x...ry.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3032-73-0x0000000000040000-0x0000000000804000-memory.dmp

  • Size

    3.4MB

  • Sample

    231123-mjwwvshc42

  • MD5

    cf46394a0468c9b5bf534ca8db63916c

  • SHA1

    fd62cfe7add847dcdcb479c1f052217377fbe4c3

  • SHA256

    7d5b1b57d510325bb22093e27ad23ae4ad4b3910a35c0f289a2ccb39d5ca5e2f

  • SHA512

    e3890284a75f2fd1d69e25a4d07572d82f5c55c40eadf25e99f12a139993e1d36c17b50bd4710145712abfd100d4f7c9949e8e565f36085549648ff1ffb390d0

  • SSDEEP

    49152:mbvHkVuseMHuI1Nw3hKegyuHxn6NuYB18F187Fe8zDgKi6:G/kQsVS3hKeglHx6NuYB18Fy88Vi6

Score
10/10
redline1120discoveryspywarestealerthemida

Malware Config

Extracted

Family

redline

Botnet

1120

C2

194.49.94.77:22888

Targets

    • Target

      3032-73-0x0000000000040000-0x0000000000804000-memory.dmp

    • Size

      3.4MB

    • MD5

      cf46394a0468c9b5bf534ca8db63916c

    • SHA1

      fd62cfe7add847dcdcb479c1f052217377fbe4c3

    • SHA256

      7d5b1b57d510325bb22093e27ad23ae4ad4b3910a35c0f289a2ccb39d5ca5e2f

    • SHA512

      e3890284a75f2fd1d69e25a4d07572d82f5c55c40eadf25e99f12a139993e1d36c17b50bd4710145712abfd100d4f7c9949e8e565f36085549648ff1ffb390d0

    • SSDEEP

      49152:mbvHkVuseMHuI1Nw3hKegyuHxn6NuYB18F187Fe8zDgKi6:G/kQsVS3hKeglHx6NuYB18Fy88Vi6

    Score
    7/10
    discoveryspywarestealerthemida

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks