Overview

overview

10

Static

static

1c5c68369b...f7.exe

windows7_x64

10

1c5c68369b...f7.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c5c68369bf3d0d615edfc3d760070f7.exe

  • Size

    2.4MB

  • Sample

    220705-vz4kmsbcgp

  • MD5

    1c5c68369bf3d0d615edfc3d760070f7

  • SHA1

    ccb0d2e9f74b55b77313dbbb01024161b6ad9112

  • SHA256

    a8946790919846ad03640f1ac35962e092e96ba02344a004a65eae31c7080d17

  • SHA512

    082935677bc3b2277dd5d404072307f5fbeb10c3acdee601a1abef7f95a9fa61d8c4fe59d31d217ebce4c8ac7ec843b7b92a298a5eca5ce7230bf58ef49f0caa

Score
10/10
redlineinfostealerspyware

Malware Config

Extracted

Family

redline

C2

91.219.63.181:19868

Attributes
  • auth_value

    f207ca59aef487891ec6fd307ac196e5

Targets

    • Target

      1c5c68369bf3d0d615edfc3d760070f7.exe

    • Size

      2.4MB

    • MD5

      1c5c68369bf3d0d615edfc3d760070f7

    • SHA1

      ccb0d2e9f74b55b77313dbbb01024161b6ad9112

    • SHA256

      a8946790919846ad03640f1ac35962e092e96ba02344a004a65eae31c7080d17

    • SHA512

      082935677bc3b2277dd5d404072307f5fbeb10c3acdee601a1abef7f95a9fa61d8c4fe59d31d217ebce4c8ac7ec843b7b92a298a5eca5ce7230bf58ef49f0caa

    Score
    10/10
    redlineinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks