Overview

overview

10

Static

static

fba454b0f8...22.msi

windows7_x64

10

fba454b0f8...22.msi

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522

  • Size

    1.3MB

  • Sample

    220516-j14q9aacgj

  • MD5

    6e31d2f2c745b340e02b2e1f9711a715

  • SHA1

    9c99809aa69805f708afb5418b68b430d4087552

  • SHA256

    fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522

  • SHA512

    41694c05606a8585e6fa8e4e5e0672c59ccc096be6dbf0184c4af0e03e145f98101d96d02e3f744f9710cb722906b2afb2b6f90851842cec9eb9912c32fc587c

Score
10/10
redlineinstalldiscoveryinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

Install

C2

176.10.119.117:27038

Attributes
  • auth_value

    701b6467f584b2d5c52fa31ecce6761d

Targets

    • Target

      fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522

    • Size

      1.3MB

    • MD5

      6e31d2f2c745b340e02b2e1f9711a715

    • SHA1

      9c99809aa69805f708afb5418b68b430d4087552

    • SHA256

      fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522

    • SHA512

      41694c05606a8585e6fa8e4e5e0672c59ccc096be6dbf0184c4af0e03e145f98101d96d02e3f744f9710cb722906b2afb2b6f90851842cec9eb9912c32fc587c

    Score
    10/10
    redlineinstalldiscoveryinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks