Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    472KB

  • Sample

    220901-tcbexafgeq

  • MD5

    09a3f4f73610deafc0ebb0a0d1630de8

  • SHA1

    bd2e7392d489a9c0740e275d185f404113f11b41

  • SHA256

    d3e129d7d38d514584d7c468f749c2ccec3e321e731af52b88704d083b2abf84

  • SHA512

    01e835a4672bce7dab78301478937f3c2d7e3850d255668d1602f51e6fadca787f76481afc8ba5ab144f343d2a405f2cf95988e8fe8b736fa086da38e97bda78

  • SSDEEP

    12288:h58j/AQxpe0ZfyFu9NPjAQS/ZHHQe+c9ENSVkUuXcDE:huj/AQxpeINLYa4QSKBc

Score
10/10
redline@forceddd_lztinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@forceddd_lzt

C2

5.182.36.101:31305

Attributes
  • auth_value

    91ffc3d776bc56b5c410d1adf5648512

Targets

    • Target

      file

    • Size

      472KB

    • MD5

      09a3f4f73610deafc0ebb0a0d1630de8

    • SHA1

      bd2e7392d489a9c0740e275d185f404113f11b41

    • SHA256

      d3e129d7d38d514584d7c468f749c2ccec3e321e731af52b88704d083b2abf84

    • SHA512

      01e835a4672bce7dab78301478937f3c2d7e3850d255668d1602f51e6fadca787f76481afc8ba5ab144f343d2a405f2cf95988e8fe8b736fa086da38e97bda78

    • SSDEEP

      12288:h58j/AQxpe0ZfyFu9NPjAQS/ZHHQe+c9ENSVkUuXcDE:huj/AQxpeINLYa4QSKBc

    Score
    10/10
    redline@forceddd_lztinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks