Resubmissions

25-01-2022 20:58

220125-zr9txafah2 10

25-01-2022 05:22

220125-f2kszshddn 10

General

  • Target

    b5320340037751e10748b6463fab8ee0.exe

  • Size

    2.1MB

  • Sample

    220125-zr9txafah2

  • MD5

    b5320340037751e10748b6463fab8ee0

  • SHA1

    b3e9a125688e9da67708adfcada41bb56de2cd3d

  • SHA256

    b45b4ee4146fc230dc6ea93a1af252314acc9b4adab82f36103e8f782589983d

  • SHA512

    67e3bdc6c8db9ed127dc0a7a0fcb431a7294fd8daf77fe6ce4042a3cb63b9576130f1d3b3aee665dc16c1de4ede96ed7976789e63a4d61178c631d3d76e06138

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory
