Overview

overview

10

Static

static

29c15bc2cf...29.exe

windows7_x64

10

29c15bc2cf...29.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29c15bc2cfe87220c147b75eace2d829.exe

  • Size

    642KB

  • Sample

    210226-fwgcnfl6sn

  • MD5

    29c15bc2cfe87220c147b75eace2d829

  • SHA1

    e21f4b27e78ce39fc04253c20f273581d883b07c

  • SHA256

    c0c6482b9756ea9d53cccbcb85a1e3487b953f2f87e3f8cdbaac1a3f73e02725

  • SHA512

    a31b4d4bcf766fbea90856104d1229eb714082551a9e06ac8bbd8815ce763ac8c99fad0edd6f4fe68f34a4bd7786ba4c6d3a0ce64361f066d98e92d4ebe0f4ed

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Targets

    • Target

      29c15bc2cfe87220c147b75eace2d829.exe

    • Size

      642KB

    • MD5

      29c15bc2cfe87220c147b75eace2d829

    • SHA1

      e21f4b27e78ce39fc04253c20f273581d883b07c

    • SHA256

      c0c6482b9756ea9d53cccbcb85a1e3487b953f2f87e3f8cdbaac1a3f73e02725

    • SHA512

      a31b4d4bcf766fbea90856104d1229eb714082551a9e06ac8bbd8815ce763ac8c99fad0edd6f4fe68f34a4bd7786ba4c6d3a0ce64361f066d98e92d4ebe0f4ed

    Score
    10/10
    redlinediscoveryinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks