Overview

overview

10

Static

static

eabb876f62...77.exe

windows7_x64

10

eabb876f62...77.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eabb876f62eff390575fdefbf1610b77.exe

  • Size

    11KB

  • Sample

    211206-jn93hadeer

  • MD5

    eabb876f62eff390575fdefbf1610b77

  • SHA1

    77eb326354b51c47c365e6f962ac13927151c931

  • SHA256

    4eac12423a78201d89bf682621b5be5409f9667140f853115ed151c4af89abcb

  • SHA512

    29b3be38eb22c036e09d7547db8d8e448fd77d674a85b3054ff428c6f28c57353e3980b058f976314836c07b544735383d3da48dbf72c33acf29ed37ae5fcebd

Score
10/10
redlinelastlovelyinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

LastLovely

C2

95.181.152.177:21142

Targets

    • Target

      eabb876f62eff390575fdefbf1610b77.exe

    • Size

      11KB

    • MD5

      eabb876f62eff390575fdefbf1610b77

    • SHA1

      77eb326354b51c47c365e6f962ac13927151c931

    • SHA256

      4eac12423a78201d89bf682621b5be5409f9667140f853115ed151c4af89abcb

    • SHA512

      29b3be38eb22c036e09d7547db8d8e448fd77d674a85b3054ff428c6f28c57353e3980b058f976314836c07b544735383d3da48dbf72c33acf29ed37ae5fcebd

    Score
    10/10
    redlinelastlovelyinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks