Overview

overview

10

Static

static

menu.exe

windows7_x64

10

menu.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    menu.exe

  • Size

    183KB

  • Sample

    211024-smbmzseda9

  • MD5

    6f37fca873eb5c00aa786e51393fda16

  • SHA1

    ff985dff8a17f22911e41c91106b9ed0a8b16fdc

  • SHA256

    f1c411ac29f45b10c7a090a40d7f8242e6ba06a5b94b846024e0afd4b4956f1d

  • SHA512

    6aa47c79c355f870cb7e80b83d4ef3478f6909aecaeeecfb40f831cc401673d01e604eeb34c7d08fdeb630610bcaed6d7ac5c03fd6f8bc5823e73dcd55be66f1

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

C2

185.215.113.51:56632

Targets

    • Target

      menu.exe

    • Size

      183KB

    • MD5

      6f37fca873eb5c00aa786e51393fda16

    • SHA1

      ff985dff8a17f22911e41c91106b9ed0a8b16fdc

    • SHA256

      f1c411ac29f45b10c7a090a40d7f8242e6ba06a5b94b846024e0afd4b4956f1d

    • SHA512

      6aa47c79c355f870cb7e80b83d4ef3478f6909aecaeeecfb40f831cc401673d01e604eeb34c7d08fdeb630610bcaed6d7ac5c03fd6f8bc5823e73dcd55be66f1

    Score
    10/10
    redlinediscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks