Overview

overview

10

Static

static

data64_4.exe

windows7_x64

10

data64_4.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    data64_4.exeoxyscbzt

  • Size

    404KB

  • Sample

    220525-1e5vvshcfk

  • MD5

    edcec40fb5ee7f18b37a64b2263b755a

  • SHA1

    cf7eb0b13ced52cb8b012e13a5d1cba9bf8bd48b

  • SHA256

    f7c781616e39d720a321fe772fd3c5963d9b76f4d77cbb863a447b128bab829e

  • SHA512

    a638edd29b75fc257bfa370839c36cf2f38dd93898d5f5e5ffd5811ed420cbce1b255f513338371c6aa64dbb5b7f51201858ddbafb56be8b961723c9c10b1bff

Score
10/10
redlinelyla2discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Lyla2

C2

185.215.113.201:21921

Attributes
  • auth_value

    f3b96059847b054b3939cadefd4424ee

Targets

    • Target

      data64_4.exeoxyscbzt

    • Size

      404KB

    • MD5

      edcec40fb5ee7f18b37a64b2263b755a

    • SHA1

      cf7eb0b13ced52cb8b012e13a5d1cba9bf8bd48b

    • SHA256

      f7c781616e39d720a321fe772fd3c5963d9b76f4d77cbb863a447b128bab829e

    • SHA512

      a638edd29b75fc257bfa370839c36cf2f38dd93898d5f5e5ffd5811ed420cbce1b255f513338371c6aa64dbb5b7f51201858ddbafb56be8b961723c9c10b1bff

    Score
    10/10
    redlinelyla2discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks