Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    400KB

  • Sample

    220822-skk4mshebq

  • MD5

    fc71204fcbc5b045fc012e24511eb638

  • SHA1

    3bbe58da84cd02356f323fa5be1d433ae4ecd299

  • SHA256

    3e3a73aea9495c7411a333fd99b00b2fe476894e7c3ac4486bcd1ca97cfcbfc0

  • SHA512

    07c381bde3b1e3863d8d22e6c37208f084e6d41de3d46ccbbfec4e31f857774b2ef055875e947d02a7bff2e60a49515576a1664dc6b0047439424149e04b8c84

  • SSDEEP

    6144:dznqQNZgP4N2rJrx3wue4RwfqUKDPi5xo/nYH:NnqQNMte7I/nS

Score
10/10
redlinenam6.1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

nam6.1

C2

103.89.90.61:34589

Attributes
  • auth_value

    b5784d2217d2fd4ce7dab9bdb9fcaa62

Targets

    • Target

      file

    • Size

      400KB

    • MD5

      fc71204fcbc5b045fc012e24511eb638

    • SHA1

      3bbe58da84cd02356f323fa5be1d433ae4ecd299

    • SHA256

      3e3a73aea9495c7411a333fd99b00b2fe476894e7c3ac4486bcd1ca97cfcbfc0

    • SHA512

      07c381bde3b1e3863d8d22e6c37208f084e6d41de3d46ccbbfec4e31f857774b2ef055875e947d02a7bff2e60a49515576a1664dc6b0047439424149e04b8c84

    • SSDEEP

      6144:dznqQNZgP4N2rJrx3wue4RwfqUKDPi5xo/nYH:NnqQNMte7I/nS

    Score
    10/10
    redlinenam6.1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks