Overview

overview

10

Static

static

1

9BF4C9B6C5...45.exe

windows7_x64

10

9BF4C9B6C5...45.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9BF4C9B6C5E930CE91B84920A73D9111793E6D3147745.exe

  • Size

    1.1MB

  • Sample

    220120-z7wxzsbgd9

  • MD5

    3db8aaeede991e343f4a58c029d5bcb6

  • SHA1

    dce0cf75d9080b4c31425adbc899d21f0ebb5c0f

  • SHA256

    9bf4c9b6c5e930ce91b84920a73d9111793e6d31477458043e94b649147ebf71

  • SHA512

    ae2e99816106a935498f977bf31dd995d315dcdb0237904bce86ccc525732d4b5353376818af87337396370e0cc23ebd321b4ecf1cb30c04969ea0a20ff8df31

Score
10/10
redline1infostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

1

C2

vigasiergu.xyz:80

Targets

    • Target

      9BF4C9B6C5E930CE91B84920A73D9111793E6D3147745.exe

    • Size

      1.1MB

    • MD5

      3db8aaeede991e343f4a58c029d5bcb6

    • SHA1

      dce0cf75d9080b4c31425adbc899d21f0ebb5c0f

    • SHA256

      9bf4c9b6c5e930ce91b84920a73d9111793e6d31477458043e94b649147ebf71

    • SHA512

      ae2e99816106a935498f977bf31dd995d315dcdb0237904bce86ccc525732d4b5353376818af87337396370e0cc23ebd321b4ecf1cb30c04969ea0a20ff8df31

    Score
    10/10
    redline1infostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks