Overview

overview

10

Static

static

9a44b63f32...73.exe

windows7_x64

10

9a44b63f32...73.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a44b63f32b586099420810f08c13873.exe

  • Size

    595KB

  • Sample

    210310-w4pr4l48r6

  • MD5

    9a44b63f32b586099420810f08c13873

  • SHA1

    c5c7b81bb487e7a97edc0679f2d744d5f28a4ccc

  • SHA256

    1d6594dae8104135ded8e7ccb1adb6805ef9d770d866b8786dec290a639c9920

  • SHA512

    2d1ab694f97eff57a8e04daaf1a45da11a2b825b03db9964ff7d54f096801e14c70fd7baacdb66571b2b1cb047cc50c1d4cbd302a74e3256f36cea5569cc585e

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Targets

    • Target

      9a44b63f32b586099420810f08c13873.exe

    • Size

      595KB

    • MD5

      9a44b63f32b586099420810f08c13873

    • SHA1

      c5c7b81bb487e7a97edc0679f2d744d5f28a4ccc

    • SHA256

      1d6594dae8104135ded8e7ccb1adb6805ef9d770d866b8786dec290a639c9920

    • SHA512

      2d1ab694f97eff57a8e04daaf1a45da11a2b825b03db9964ff7d54f096801e14c70fd7baacdb66571b2b1cb047cc50c1d4cbd302a74e3256f36cea5569cc585e

    Score
    10/10
    redlinediscoveryinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks