Overview

overview

10

Static

static

4d2881108d...c0.exe

windows7_x64

8

4d2881108d...c0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d2881108d102f5bdc0fc292f0d123c0

  • Size

    806KB

  • Sample

    210818-nvsbg2jnnj

  • MD5

    4d2881108d102f5bdc0fc292f0d123c0

  • SHA1

    2fffcaa9d39849ff8fc8b7c6e9659744af91206a

  • SHA256

    c095ab547c4a1ce16be8742ab6ebbd79989a304fdabdcbfae390087d4c438592

  • SHA512

    7389689cc3300cc731891d6a7bffed2a661a7d1550fa3f8cfc50cd104502ed4a2587decc74e376c22b5293925dd86e54ae5b48c580082153aa00ee53e75ef6bf

Score
10/10
redlineruzdiscoveryevasioninfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

RUZ

C2

oltorarrar.xyz:80

Targets

    • Target

      4d2881108d102f5bdc0fc292f0d123c0

    • Size

      806KB

    • MD5

      4d2881108d102f5bdc0fc292f0d123c0

    • SHA1

      2fffcaa9d39849ff8fc8b7c6e9659744af91206a

    • SHA256

      c095ab547c4a1ce16be8742ab6ebbd79989a304fdabdcbfae390087d4c438592

    • SHA512

      7389689cc3300cc731891d6a7bffed2a661a7d1550fa3f8cfc50cd104502ed4a2587decc74e376c22b5293925dd86e54ae5b48c580082153aa00ee53e75ef6bf

    Score
    10/10
    evasionredlineruzdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

2
T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

2
T1158

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks