Overview

overview

10

Static

static

svchost.exe

windows7_x64

10

svchost.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    svchost.exe

  • Size

    2.3MB

  • Sample

    210727-p3d7cy9e6n

  • MD5

    e2cdbe43745e8ef737fded5c21bfd162

  • SHA1

    533fc6c2aecaeca8211277ffa74d055fb7eb45fc

  • SHA256

    71d3b36be058908e96750ba536922bb0748c3b3dabe78dfc9276bed4b01ea0e6

  • SHA512

    927271572c1db35a050d1a7cf0ad85745d812a5e068f3c25b6d83e60182a46816b7655e0e52aec3dc355830514d7c43b86dfe06c5d5c7cbc3283199f467efd8f

Score
10/10
redline@kypidssinfostealer

Malware Config

Extracted

Family

redline

Botnet

@Kypidss

C2

45.14.49.109:21295

Targets

    • Target

      svchost.exe

    • Size

      2.3MB

    • MD5

      e2cdbe43745e8ef737fded5c21bfd162

    • SHA1

      533fc6c2aecaeca8211277ffa74d055fb7eb45fc

    • SHA256

      71d3b36be058908e96750ba536922bb0748c3b3dabe78dfc9276bed4b01ea0e6

    • SHA512

      927271572c1db35a050d1a7cf0ad85745d812a5e068f3c25b6d83e60182a46816b7655e0e52aec3dc355830514d7c43b86dfe06c5d5c7cbc3283199f467efd8f

    Score
    10/10
    redline@kypidssinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

1
T1158

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks