General

  • Target

    GhazisMyotonia.exe

  • Size

    538KB

  • Sample

    240410-rp23aaah56

  • MD5

    ce3ef591c491d85bd66a71a172b35338

  • SHA1

    eee8ef55e6a963db7d22901c6538e53a00ebf5f6

  • SHA256

    0a57f9fb4ca1c5d24acefa4a73d2bc3c27b68020a7aa8ccf3c70a78563d90eed

  • SHA512

    1e3166a2493112f2271439f1d234acddf67ad45d3c5cc632f1649e96eeb2f5783569406be06b32cc91a46e9cd6e31bd5efadbc7fdb113b96477c1e824b8031e9

  • SSDEEP

    12288:xVqXp1DaoptSbgyk3337vBpE65aQnU5T:xVqHak0KvBpHaQY

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks