General

  • Target: LOG_CHECKING_crypted.exe
  • Size: 772KB
  • Sample: 220125-2bzecaggd3
  • MD5: ee1dead769bf3f05ecb6ce9e5d5aba25
  • SHA1: b56ffd57e9ab2f0cbfe841352a5f30d2cc73cc7d
  • SHA256: 87d621ce8ab828d96c3c48c9c70ea58d9aae982b7739ac409eeb3d0f2ade49da
  • SHA512: 6df89c728b5ed79bbe6e30516ac3abcda1980a04e01cdcc43d958f1953c3f787d03cc7a1261b8c104d86c90cf2ca751aa05a9f2abded99abdd992cec65b8e6c1

Malware Config

Extracted

  • Family: redline
  • C2: 91.243.32.83:14266

Targets

    • Target: LOG_CHECKING_crypted.exe
    • Size: 772KB
    • MD5: ee1dead769bf3f05ecb6ce9e5d5aba25
    • SHA1: b56ffd57e9ab2f0cbfe841352a5f30d2cc73cc7d
    • SHA256: 87d621ce8ab828d96c3c48c9c70ea58d9aae982b7739ac409eeb3d0f2ade49da
    • SHA512: 6df89c728b5ed79bbe6e30516ac3abcda1980a04e01cdcc43d958f1953c3f787d03cc7a1261b8c104d86c90cf2ca751aa05a9f2abded99abdd992cec65b8e6c1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks