General

  • Target

    RedTigerTool.exe

  • Size

    102.9MB

  • Sample

    250328-sjalhszks9

  • MD5

    dc9bedd1d06e2313ba86bb1ad1bec648

  • SHA1

    c5826df39333ddd22e59d6d4f1154ef70284c410

  • SHA256

    53cc94c86ba2125d8d65d31e97494b26fc935369dad6829c2c2a8f7b8aa1dcef

  • SHA512

    f578ecdc900c80f2bf03c6c1ac703ad00d883d9651e7f3b10b676347b2241e9c73585bb0a3db6025d19feff5fda1427e5f0be001c2a8bbee3fbabb02bb686b8e

  • SSDEEP

    3145728:C5cgYRPSC++6y9X8jVd1AY5bADDxgds8mYhPiYcwCQl:GcxaC4y9X8jV75bAHCBhB8wC

Malware Config

Targets

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks