Overview

overview

10

Static

static

3190dabfff...3e.exe

windows7_x64

10

3190dabfff...3e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3190dabfff2aad6baa93e6a9f0e0729581174ffae34b708a67a11c9c2c22f53e

  • Size

    704KB

  • Sample

    220215-rvd8eahbfk

  • MD5

    0b5dd85b1c4310249c87268370191a90

  • SHA1

    28455b31fb78c4fcb3df25a60374cb2050922ab7

  • SHA256

    3190dabfff2aad6baa93e6a9f0e0729581174ffae34b708a67a11c9c2c22f53e

  • SHA512

    026e7e7910fd3a48a9587bf3d2846618a0fd30777e2c452c78fe74ba740ca090a03ce91a67b4ec340d203b4bd3d122a0cc0800dc43c09ec4b5a034b0e359bfe2

Score
10/10
redlineabobainfostealer

Malware Config

Extracted

Family

redline

Botnet

aboba

C2

95.181.152.149:27209

Attributes
  • auth_value

    9ef0875df33a8cb88246deeee46c0075

Targets

    • Target

      3190dabfff2aad6baa93e6a9f0e0729581174ffae34b708a67a11c9c2c22f53e

    • Size

      704KB

    • MD5

      0b5dd85b1c4310249c87268370191a90

    • SHA1

      28455b31fb78c4fcb3df25a60374cb2050922ab7

    • SHA256

      3190dabfff2aad6baa93e6a9f0e0729581174ffae34b708a67a11c9c2c22f53e

    • SHA512

      026e7e7910fd3a48a9587bf3d2846618a0fd30777e2c452c78fe74ba740ca090a03ce91a67b4ec340d203b4bd3d122a0cc0800dc43c09ec4b5a034b0e359bfe2

    Score
    10/10
    redlineabobainfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks