Overview

overview

10

Static

static

7231cf29f8...5c.exe

windows7_x64

8

7231cf29f8...5c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c

  • Size

    1.0MB

  • Sample

    220530-3s1jeabbgp

  • MD5

    07fed12bfd9166a4f965f848c7172b04

  • SHA1

    ebb25569a8ed53fc803ad6da6e25d06765340c38

  • SHA256

    7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c

  • SHA512

    40da6d529abd89d380957635afadecf932c8bb12dd08ce83d53ff5f0b6bee52949f0aad7afc7eea5730b920d0fb55e4e57ab34db09aed36663eacd3684502327

Score
10/10
redline1010infostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

1010

C2

135.181.123.52:21975

Attributes
  • auth_value

    2cdeb4fb37fd392a4ee4bf30ab711e38

Targets

    • Target

      7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c

    • Size

      1.0MB

    • MD5

      07fed12bfd9166a4f965f848c7172b04

    • SHA1

      ebb25569a8ed53fc803ad6da6e25d06765340c38

    • SHA256

      7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c

    • SHA512

      40da6d529abd89d380957635afadecf932c8bb12dd08ce83d53ff5f0b6bee52949f0aad7afc7eea5730b920d0fb55e4e57ab34db09aed36663eacd3684502327

    Score
    10/10
    persistenceredline1010infostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks