Overview

overview

10

Static

static

1ce039aea6...18.exe

windows7_x64

10

1ce039aea6...18.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818.exe

  • Size

    16KB

  • Sample

    210211-zjcf5n58v2

  • MD5

    ea28f02c1be43708f4a53152a022900b

  • SHA1

    515cec6125b3a21e5e9dc86661d75b8658835cf8

  • SHA256

    1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818

  • SHA512

    45956effd7889e28f1239e1c230cff9c51dc894a0675baf8b72acc84a0eada6f95083afd4eaeeb69cd60f014c1175fbc8ef132bc4de0ce47fde5d081894d4fa5

Score
10/10
redlineinfostealer

Malware Config

Targets

    • Target

      1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818.exe

    • Size

      16KB

    • MD5

      ea28f02c1be43708f4a53152a022900b

    • SHA1

      515cec6125b3a21e5e9dc86661d75b8658835cf8

    • SHA256

      1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818

    • SHA512

      45956effd7889e28f1239e1c230cff9c51dc894a0675baf8b72acc84a0eada6f95083afd4eaeeb69cd60f014c1175fbc8ef132bc4de0ce47fde5d081894d4fa5

    Score
    10/10
    redlineinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Deletes itself

    • Legitimate hosting services abused for malware hosting/C2

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks