Overview

overview

10

Static

static

d5d5ca5658...80.exe

windows7_x64

d5d5ca5658...80.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d5d5ca5658c39e952c0b8a8c8d9a4a80.exe

  • Size

    1.8MB

  • Sample

    220424-rt5c7sdghn

  • MD5

    d5d5ca5658c39e952c0b8a8c8d9a4a80

  • SHA1

    5cafaab50da1685258e06c5d26c270ec8fa7386a

  • SHA256

    5ae97fd297925c21665861de9f6f6d2bc0264348ea586d4f45a9c4840445950e

  • SHA512

    1f5c46fb50446ac459ec8b189344fe94210afd049f4bf8f3f87dfa061872028b50f799e93f83c6739f7a76f2854624267c1bbb055c5918c695cef669c26d84b3

Score
10/10
redline@ansdvsvsvdinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@ansdvsvsvd

C2

46.8.220.88:65531

Attributes
  • auth_value

    d7b874c6650abbcb219b4f56f4676fee

Targets

    • Target

      d5d5ca5658c39e952c0b8a8c8d9a4a80.exe

    • Size

      1.8MB

    • MD5

      d5d5ca5658c39e952c0b8a8c8d9a4a80

    • SHA1

      5cafaab50da1685258e06c5d26c270ec8fa7386a

    • SHA256

      5ae97fd297925c21665861de9f6f6d2bc0264348ea586d4f45a9c4840445950e

    • SHA512

      1f5c46fb50446ac459ec8b189344fe94210afd049f4bf8f3f87dfa061872028b50f799e93f83c6739f7a76f2854624267c1bbb055c5918c695cef669c26d84b3

    Score
    10/10
    redline@ansdvsvsvdinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks