Overview

overview

10

Static

static

FAD165B5BA...3E.exe

windows7_x64

10

FAD165B5BA...3E.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FAD165B5BA7DDB0389733F6B979EAE3E.exe

  • Size

    2.4MB

  • Sample

    210504-v1ztnrlcte

  • MD5

    fad165b5ba7ddb0389733f6b979eae3e

  • SHA1

    e3641696b0cb2137501ad51501225ee79757ba2b

  • SHA256

    328c5eb8908b83c474ab4ab892ac1c2cae066f1f55dbcd15d850b54cc0f4c3cc

  • SHA512

    621ba451d47acb409ce309322236ce53c4dd514a40ece5cb3beaf509ce9241bf410e792efea2d2435d7fb0c87b2ee3c649f9a8274e0e852b534e1263954a95fc

Score
10/10
redline@osix7infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@Osix7

C2

briaseynan.xyz:80

Targets

    • Target

      FAD165B5BA7DDB0389733F6B979EAE3E.exe

    • Size

      2.4MB

    • MD5

      fad165b5ba7ddb0389733f6b979eae3e

    • SHA1

      e3641696b0cb2137501ad51501225ee79757ba2b

    • SHA256

      328c5eb8908b83c474ab4ab892ac1c2cae066f1f55dbcd15d850b54cc0f4c3cc

    • SHA512

      621ba451d47acb409ce309322236ce53c4dd514a40ece5cb3beaf509ce9241bf410e792efea2d2435d7fb0c87b2ee3c649f9a8274e0e852b534e1263954a95fc

    Score
    10/10
    redline@osix7infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks