Overview

overview

10

Static

static

49025966d2dd61...e2.exe

windows7_x64

10

49025966d2dd61...e2.exe

windows10_x64

10
General
Target

49025966d2dd612fc1e423b01620debfd4c97701aefe2.exe

Size

1MB

Sample

210518-w542592d32

Score
10/10
MD5

d6109df4ffa4303e3c30ba997735b689

SHA1

65ac8413b14d7ccb6c848e849caa0de7900116ee

SHA256

49025966d2dd612fc1e423b01620debfd4c97701aefe26a836cea9e2f2d6ab47

SHA512

5e735b12e77ab991c9d54b701645268579f154573aa8a04d8bf2cdb5ed59d3a8ede9f5e55cbce848cd5323fa1e6b3950d12ec5bb7a0bebb403d3711979e1cc8b

Malware Config

Extracted

Family

redline
Botnet

1111
C2

65.21.144.202:62942
Targets
Target

49025966d2dd612fc1e423b01620debfd4c97701aefe2.exe

MD5

d6109df4ffa4303e3c30ba997735b689

Filesize

1MB

Score
10/10
SHA1

65ac8413b14d7ccb6c848e849caa0de7900116ee

SHA256

49025966d2dd612fc1e423b01620debfd4c97701aefe26a836cea9e2f2d6ab47

SHA512

5e735b12e77ab991c9d54b701645268579f154573aa8a04d8bf2cdb5ed59d3a8ede9f5e55cbce848cd5323fa1e6b3950d12ec5bb7a0bebb403d3711979e1cc8b

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    10/10

                    behavioral2

                    Score
                    10/10