General

  • Target

    a08729a8e9457d19abe9c26fb148c74b.exe

  • Size

    431KB

  • Sample

    210927-bdvwtsfea7

  • MD5

    a08729a8e9457d19abe9c26fb148c74b

  • SHA1

    d1451fdf426c4b95dbdc1068d0cb5628db6e4a40

  • SHA256

    5940f101c2313af56b4a56a059c9bc99db6384c9d5b2c78d214dcbb4925da303

  • SHA512

    65d928d0ebbd312e02e23492b1fd1b140f19d935bc8851233a6807d8827b23963b9ebc3d77946d630483e26fbd60015e924b81a6bd37296ef9ab1a62fd3c1054

Malware Config

Extracted

Family

redline

Botnet

@Ruloja

C2

45.147.197.123:31820

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks