Overview

overview

10

Static

static

Installer.exe

windows7_x64

10

Installer.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Installer.exe

  • Size

    168KB

  • Sample

    211024-thx6vsfebk

  • MD5

    2853908eb84e04fb6f89067d3f11c13b

  • SHA1

    52599b74438e3af584ca6ceddbf4edb149567bb1

  • SHA256

    4df51739c06f4aedf119be89182dd6a8adaa6784ffe9305de0756fb8aaec2164

  • SHA512

    e9798a26a5cbbeb965c697ca9153a8c9f1424e61ee6c47c260b97416697cc84ac0ada2bf89188f5deba9c9537a8f502cc0bbbc302d5df639e4d3a4b30d871ecc

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

C2

141.94.188.139:43059

Targets

    • Target

      Installer.exe

    • Size

      168KB

    • MD5

      2853908eb84e04fb6f89067d3f11c13b

    • SHA1

      52599b74438e3af584ca6ceddbf4edb149567bb1

    • SHA256

      4df51739c06f4aedf119be89182dd6a8adaa6784ffe9305de0756fb8aaec2164

    • SHA512

      e9798a26a5cbbeb965c697ca9153a8c9f1424e61ee6c47c260b97416697cc84ac0ada2bf89188f5deba9c9537a8f502cc0bbbc302d5df639e4d3a4b30d871ecc

    Score
    10/10
    redlinediscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks