Overview

overview

10

Static

static

10

2464-280-0...ry.exe

windows7_x64

10

2464-280-0...ry.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2464-280-0x00000000028C0000-0x00000000028E2000-memory.dmp

  • Size

    136KB

  • Sample

    220629-27thzadgfn

  • MD5

    43b2ca50510a1feb40201526697d5199

  • SHA1

    b5523504af5deca9a8d41590f9ca3fcdf2e9f7f9

  • SHA256

    16f772d45322cb7246e7457e743da35ec57cba8800f830e4ec1144971c80be05

  • SHA512

    608af8967f112e65a61544a8fa17c11dbb85f7d01b4464666264c6b044fa7c54f96f01254ac6e454c67db2159f1a826fa5b9a98a4e8af1f1e1a1532c2f991431

Score
10/10
redlinemount2discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Mount2

C2

ushatamaiet.xyz:80

adinoreiver.xyz:80

qulyneanica.com:80
Attributes
  • auth_value

    041a7c36d4c8d195af1a8b950182ee96

Targets

    • Target

      2464-280-0x00000000028C0000-0x00000000028E2000-memory.dmp

    • Size

      136KB

    • MD5

      43b2ca50510a1feb40201526697d5199

    • SHA1

      b5523504af5deca9a8d41590f9ca3fcdf2e9f7f9

    • SHA256

      16f772d45322cb7246e7457e743da35ec57cba8800f830e4ec1144971c80be05

    • SHA512

      608af8967f112e65a61544a8fa17c11dbb85f7d01b4464666264c6b044fa7c54f96f01254ac6e454c67db2159f1a826fa5b9a98a4e8af1f1e1a1532c2f991431

    Score
    10/10
    redlinemount2discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks