General

  • Target: 02b6456358245fc043c25fa3979fda5f
  • Size: 309KB
  • Sample: 220707-f9gfjadggm
  • MD5: 02b6456358245fc043c25fa3979fda5f
  • SHA1: caea517ae65d5b8ca6710639da8ca459917f9e80
  • SHA256: fbc6f264adc7ddcddbcf04b7f3eb6781fb4787a7b45d6d46f8c6d4c12f32728a
  • SHA512: 2ae6c601e72ab2c849d9e6a69fbfcd54a2e036a5a962c04c88dcd39aefc64e3f3f694729fe36e203852388260d78bb0b529f4ff11c97a5790396897c7875e7c7

Malware Config

Extracted

  • Family: redline
  • Botnet: brain
  • C2: 45.133.174.85:16428

Targets

  • Target: Quote.exe
  • Size: 529KB
  • MD5: 8522edb3ecbd62f22edad41e0e88f065
  • SHA1: 405c760447a7eb8974903b755d92cd96863baf03
  • SHA256: 87f8b3c65966cea692dffcafcb016706fa1bfcdfb5737b1d09a08e9455e7a99a
  • SHA512: 2f17456c3758e8da623410ba6c77bad359659ace69355d52926070c028fb6afea13eff7b2c521682d753cafb4ef76b5e0d39609b2937c28c8f1c078ea962df6b

  • RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine Payload
  • Executes dropped EXE
  • Uses the VBS compiler for execution
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                 ID      Count
  Execution              Scripting                 T1064   1
  Execution              Scheduled Task            T1053   1
  Persistence            Scheduled Task            T1053   1
  Privilege Escalation   Scheduled Task            T1053   1
  Defense Evasion        Scripting                 T1064   1
  Credential Access      Credentials in Files      T1081   1
  Collection             Data from Local System    T1005   1

Tasks