Overview

overview

10

Static

static

RedLine_noOVL.exe

windows7_x64

1

RedLine_noOVL.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RedLine_noOVL.exe

  • Size

    264KB

  • Sample

    220603-ej24wagbe5

  • MD5

    88deb557aef2657a31dbb3d6b1281b38

  • SHA1

    7fdca9956efd3c3d7a322d533a20518fa8ac27e8

  • SHA256

    0197e17c47c6b23f902838ce1482b878b9693d299e451b18b716a30d637c1756

  • SHA512

    4a7a35f99c7dfa7499360d1118fb74e25cee7d07a29b035f025009e39238b4f4238951c7ac3d0aebb7fb54a02e6c7247d726f594a9b0d7bcb5781fe7c0e2b725

Score
10/10
redlinemeta1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

meta1

C2

168.119.106.211:64746

Attributes
  • auth_value

    c58c58849e734196e515b3cd2acd1ae6

Targets

    • Target

      RedLine_noOVL.exe

    • Size

      264KB

    • MD5

      88deb557aef2657a31dbb3d6b1281b38

    • SHA1

      7fdca9956efd3c3d7a322d533a20518fa8ac27e8

    • SHA256

      0197e17c47c6b23f902838ce1482b878b9693d299e451b18b716a30d637c1756

    • SHA512

      4a7a35f99c7dfa7499360d1118fb74e25cee7d07a29b035f025009e39238b4f4238951c7ac3d0aebb7fb54a02e6c7247d726f594a9b0d7bcb5781fe7c0e2b725

    Score
    10/10
    redlinemeta1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks