Overview

overview

10

Static

static

invice-PDF.exe

windows7_x64

10

invice-PDF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invice-PDF.exe

  • Size

    328KB

  • Sample

    210807-xs23214zxa

  • MD5

    834d0436e95f39ceedc7cd44f1cdf783

  • SHA1

    3e75f3e0cc374b764be385f2080319d24dd2e1f6

  • SHA256

    ede7098a421db325ec6704d3dcf0e91f26787fea3ff2215dca12b8160e22ec80

  • SHA512

    0350ae6a29b7c3bb8e51386482343a728eec280cec949ab8c0a76072fa46a9efbda9082c3a887da40b2cc97ed56850315f90b6717900c8b0db2e350db27a265e

Score
10/10
redlinev1discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

v1

C2

176.10.118.231:54808

Targets

    • Target

      invice-PDF.exe

    • Size

      328KB

    • MD5

      834d0436e95f39ceedc7cd44f1cdf783

    • SHA1

      3e75f3e0cc374b764be385f2080319d24dd2e1f6

    • SHA256

      ede7098a421db325ec6704d3dcf0e91f26787fea3ff2215dca12b8160e22ec80

    • SHA512

      0350ae6a29b7c3bb8e51386482343a728eec280cec949ab8c0a76072fa46a9efbda9082c3a887da40b2cc97ed56850315f90b6717900c8b0db2e350db27a265e

    Score
    10/10
    redlinev1discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks