Overview

overview

10

Static

static

c89928a29e...92.exe

windows7_x64

10

c89928a29e...92.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892.exe

  • Size

    135KB

  • Sample

    210503-4zpmewyhds

  • MD5

    a8c90b03aa400acb0a7a97e6844ffff4

  • SHA1

    2c1e9e53b0f3a8f0595b0e0eb845d3d23e38d242

  • SHA256

    c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892ec5d750d94e68e4c108

  • SHA512

    bb9fa35a4b8e0d3553bc214b1f6a4e076c830cf8e2fbe7fff44a3120c91a9f543c7fffe2ecaab466f96f18c9baec31cda454ab8f6e6b580575c088eda9239642

Score
10/10
redlinegood_mdinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

good_md

C2

188.119.112.16:41392

Targets

    • Target

      c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892.exe

    • Size

      135KB

    • MD5

      a8c90b03aa400acb0a7a97e6844ffff4

    • SHA1

      2c1e9e53b0f3a8f0595b0e0eb845d3d23e38d242

    • SHA256

      c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892ec5d750d94e68e4c108

    • SHA512

      bb9fa35a4b8e0d3553bc214b1f6a4e076c830cf8e2fbe7fff44a3120c91a9f543c7fffe2ecaab466f96f18c9baec31cda454ab8f6e6b580575c088eda9239642

    Score
    10/10
    redlinegood_mdinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks