General

  • Target

    fd40240f7874f6324e0ecb17a3f1f7e095d3feb079b56da3694dac833bdc6a0c

  • Size

    462KB

  • Sample

    220521-blc1zscaf5

  • MD5

    a22ead0d0e5b585b30a544bce9d9b78e

  • SHA1

    8ce666d569638bfeee995f2df13d51bf00fcaa45

  • SHA256

    fd40240f7874f6324e0ecb17a3f1f7e095d3feb079b56da3694dac833bdc6a0c

  • SHA512

    395c482e610bbc1e5743325d5ff055dcf19bc7c8d07fa43d8f80d76144ebc59a302bfaebedf2c776a2ee4d0728549e1919ce1b5bf66c79e4fe37528c36ea6721

Malware Config

Extracted

Family

redline

Botnet

2905 ostap

C2

45.66.9.166:80

Targets

    • Target

      apphost.exe

    • Size

      603KB

    • MD5

      35329adc614b4afdf984585c386a6b16

    • SHA1

      3ce0b19b9f426fb8a1349d738d7d30fd0f8fa060

    • SHA256

      ca120f69f73a72abd0c7f05da2a653556a7abc29a793ea2ae06f4419f11313c9

    • SHA512

      94c8522e648bbed20139480748010601b0eb3bbbc387e1f5f3401dca28582cb248d7910b53ac91ccd66681b0a3647e5db0c6838c9c627def3e6628e20365e66d

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is decrypted at runtime.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks