redline | 83037ad76ddddabca05efe07e731d65c5d9069ad889e46306b753cbc7561fa59 | Triage

Submit
Reports

Overview

overview

Static

static

3

83037ad76d...59.exe

windows7-x64

83037ad76d...59.exe

windows10-2004-x64

Sharing

General

Target

83037ad76ddddabca05efe07e731d65c5d9069ad889e46306b753cbc7561fa59.exe
Size

438KB
Sample

240615-b7pa5syekl
MD5

cf613db0a4c345455a59fa2f70e084ee
SHA1

2d1b8beaa44d2716d2b283a7cc486d744ecc4d8e
SHA256

83037ad76ddddabca05efe07e731d65c5d9069ad889e46306b753cbc7561fa59
SHA512

9def72afaaa214d8f2fad905d6eee731b269826b59e6471700f342f9fa040f8f9007e94ef073027f3d5a5060fe4dd35c63a276e301ea5cd9a3d793c73ab28759
SSDEEP

6144:xrA56K0kbJMIrBu4dNMxu2wn27dNIySzGdSkAxjWoQaH6a7K++lDAA:256caI0+sw8dk6qjWoZFeddAA

Score

10^/10

redline xworm 0011 discovery infostealer rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

83037ad76ddddabca05efe07e731d65c5d9069ad889e46306b753cbc7561fa59.exe

Resource

win7-20240220-en

redline xworm 0011 discovery infostealer rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

83037ad76ddddabca05efe07e731d65c5d9069ad889e46306b753cbc7561fa59.exe

Resource

win10v2004-20240508-en

redline xworm 0011 infostealer rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

0011

C2

185.91.127.219:33455

Extracted

Family

xworm

Version

3.1

C2

200.9.155.204:7000

Mutex

vzUmpEGHgtkl8VDB

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  83037ad76ddddabca05efe07e731d65c5d9069ad889e46306b753cbc7561fa59.exe
- Size
  
  438KB
- MD5
  
  cf613db0a4c345455a59fa2f70e084ee
- SHA1
  
  2d1b8beaa44d2716d2b283a7cc486d744ecc4d8e
- SHA256
  
  83037ad76ddddabca05efe07e731d65c5d9069ad889e46306b753cbc7561fa59
- SHA512
  
  9def72afaaa214d8f2fad905d6eee731b269826b59e6471700f342f9fa040f8f9007e94ef073027f3d5a5060fe4dd35c63a276e301ea5cd9a3d793c73ab28759
- SSDEEP
  
  6144:xrA56K0kbJMIrBu4dNMxu2wn27dNIySzGdSkAxjWoQaH6a7K++lDAA:256caI0+sw8dk6qjWoZFeddAA
Score

10^/10

redline xworm 0011 discovery infostealer rat spyware stealer trojan
- Detect Xworm Payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Detects Windows executables referencing non-Windows User-Agents
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinexworm0011discoveryinfostealerratspywarestealertrojan

behavioral2

redlinexworm0011infostealerrattrojan

© 2018-2024

Terms | Privacy