Overview

overview

10

Static

static

run.exe

windows7-x64

10

run.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    run.exe

  • Size

    363KB

  • Sample

    220804-rcl6asfff6

  • MD5

    6a3269d9c04f370d1d2e7384c716d26f

  • SHA1

    860b4afab55af28c0eb99f49c8c7e95b90313f80

  • SHA256

    8006c7dca010f19218147a16ccec14db546027bebba8ce7870e515824f532edf

  • SHA512

    91b20f066964178633691a741e4b0ceae2f7af17d15965b4fbdfeb8ac1defe4964f5172d18f51c3efe9d7b3bab64fccfd51091ddc2616b5a51b500e47daa330c

Score
10/10
colibriredlinebuild1infostealerloader

Malware Config

Extracted

Family

redline

C2

33.43.2.23:45102

Attributes
  • auth_value

    4ecb8f70a78c110cf5e92deaf5855f22

Extracted

Family

colibri

Version

1.2.0

Botnet

Build1

C2

http://zpltcmgodhvvedxtfcygvbgjkvgvcguygytfigj.cc/gate.php

http://yugyuvyugguitgyuigtfyutdtoghghbbgyv.cx/gate.php

Targets

    • Target

      run.exe

    • Size

      363KB

    • MD5

      6a3269d9c04f370d1d2e7384c716d26f

    • SHA1

      860b4afab55af28c0eb99f49c8c7e95b90313f80

    • SHA256

      8006c7dca010f19218147a16ccec14db546027bebba8ce7870e515824f532edf

    • SHA512

      91b20f066964178633691a741e4b0ceae2f7af17d15965b4fbdfeb8ac1defe4964f5172d18f51c3efe9d7b3bab64fccfd51091ddc2616b5a51b500e47daa330c

    Score
    10/10
    redlineinfostealercolibribuild1loader

    • Colibri Loader

      A loader sold as MaaS first seen in August 2021.

      loadercolibri

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks