Overview

overview

10

Static

static

Setup.exe

windows7_x64

10

Setup.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.exe

  • Size

    2.4MB

  • Sample

    220705-xn7h9scacn

  • MD5

    c9b79e63143ac743664bdbf3065d5611

  • SHA1

    f86b7bf311a24bc380ceb1a53a9abf21d27c660b

  • SHA256

    474a43af09858dc6fcc25e94a1bac0cf4cf6ae55ae0903f412480ff3d134083d

  • SHA512

    24846d99de6efc6597e811abcf928ee8dc5e641185b110e7f2a18f5818e3dee5d934203aac0f3dd05f7d9a364bdaf0a09a7cc4d7957d94a728d95f93d874ffda

Score
10/10
redlineeasyv14infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

easyv14

C2

135.181.81.197:28959

Attributes
  • auth_value

    469f9d12a65c559c10a9629a287f5ba6

Targets

    • Target

      Setup.exe

    • Size

      2.4MB

    • MD5

      c9b79e63143ac743664bdbf3065d5611

    • SHA1

      f86b7bf311a24bc380ceb1a53a9abf21d27c660b

    • SHA256

      474a43af09858dc6fcc25e94a1bac0cf4cf6ae55ae0903f412480ff3d134083d

    • SHA512

      24846d99de6efc6597e811abcf928ee8dc5e641185b110e7f2a18f5818e3dee5d934203aac0f3dd05f7d9a364bdaf0a09a7cc4d7957d94a728d95f93d874ffda

    Score
    10/10
    redlineeasyv14infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks