Overview

overview

10

Static

static

b30e6d3b0e...6e.exe

windows7_x64

10

b30e6d3b0e...6e.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b30e6d3b0e8ee87d05da437fd7b9ca6e.exe

  • Size

    39KB

  • Sample

    210422-3v7xc2fh7a

  • MD5

    b30e6d3b0e8ee87d05da437fd7b9ca6e

  • SHA1

    690da147ac423b1666a6a633ca10f64f9258f25a

  • SHA256

    f2c5b3927505fa11f06b04e8c87a54f649c2f64f70bf84248afc67b873ecb88c

  • SHA512

    a67ea54c6fa5aaeefce3eb9bf5ce6e887ecc3302b3c9fe1597929a3b3cf43820b408413b0a3b170c0c1c6510b6f23c06af331efd73c1bd62ee115c08b1f1ee66

Score
10/10
redlineeuinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

EU

C2

download3.info:80

Targets

    • Target

      b30e6d3b0e8ee87d05da437fd7b9ca6e.exe

    • Size

      39KB

    • MD5

      b30e6d3b0e8ee87d05da437fd7b9ca6e

    • SHA1

      690da147ac423b1666a6a633ca10f64f9258f25a

    • SHA256

      f2c5b3927505fa11f06b04e8c87a54f649c2f64f70bf84248afc67b873ecb88c

    • SHA512

      a67ea54c6fa5aaeefce3eb9bf5ce6e887ecc3302b3c9fe1597929a3b3cf43820b408413b0a3b170c0c1c6510b6f23c06af331efd73c1bd62ee115c08b1f1ee66

    Score
    10/10
    redlineeuinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks