General

  • Target

    bad (2).js

  • Size

    16.9MB

  • Sample

    220917-b5k6pschcr

  • MD5

    0a1eb91d290587e3f154e85a83d1b222

  • SHA1

    417386e69759d61b9b3db947ffacc2dd192c7740

  • SHA256

    bb1d3df26a6c9f8b1ec1608e1d177a2407ddc0efa7455ba7a68ab2f50f5381f6

  • SHA512

    cad902e0d8bd106707247197907d72eb9a2cf19ed6a99ccb3a41af5fbc9569fedfe2f228b5d2a39e6f551a1eccca01d1bf8a00f1c2583ee70b90c8e5d77d0820

  • SSDEEP

    49152:vvMl5ImrlOdPoXywnePgUfhZIc0fRGlMtz2nexWlgMrZiQGP:i

Malware Config

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and other profile contents.

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to build a list of software installed on the system.
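
The three registry-based behaviours above (country-code lookup, Run key persistence, Uninstall key enumeration) can be triaged from a registry-access trace with a few path rules. The following is an added example and not part of the sandbox report or of any vendor's signature logic: the tab-separated event format, the process IDs and every event line are constructed here, and the key paths (Control Panel\International\Geo, CurrentVersion\Run and RunOnce, CurrentVersion\Uninstall) are the paths these behaviours are commonly observed on, assumed for the example rather than taken from the report.

```python
"""Registry-event triage for the location-check, Run-key and Uninstall-key
behaviours. Added example: the event format, sample events and key paths
below are constructed/assumed, not taken from the report."""
import re
from dataclasses import dataclass

# Assumed key paths (hive prefix and WOW6432Node already stripped, lower-case).
GEO_KEYS = (r"control panel\international\geo",)            # country/GeoID lookup
RUN_KEYS = (r"software\microsoft\windows\currentversion\run",
            r"software\microsoft\windows\currentversion\runonce")
UNINSTALL_KEYS = (r"software\microsoft\windows\currentversion\uninstall",)

SIG_GEO = "Checks computer location settings"
SIG_RUN = "Adds Run key to start application"
SIG_UNINSTALL = "Checks installed software on the system"


@dataclass
class RegEvent:
    pid: int
    op: str        # "query" (read value), "set" (write value), "enum" (list subkeys)
    key: str
    value: str = ""  # value name for set/query events, empty otherwise


# Constructed sample trace: pid<TAB>op<TAB>key[<TAB>value]. Process 4120 shows all
# three behaviours; process 7001 is benign noise.
SAMPLE_LOG = """\
4120\tquery\tHKCU\\Control Panel\\International\\Geo\\Nation
4120\tenum\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
4120\tenum\tHKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall
4120\tset\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tUpdater
7001\tquery\tHKCU\\Software\\Microsoft\\Office\\16.0\\Common\tLastUser
"""


def parse_log(text):
    """Parse the constructed tab-separated format into RegEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        value = parts[3] if len(parts) > 3 else ""
        events.append(RegEvent(int(parts[0]), parts[1], parts[2], value))
    return events


def _norm(key):
    """Lower-case, drop the hive prefix and the WOW6432Node redirection so the
    32-bit and 64-bit views of a key hit the same rule."""
    k = key.lower()
    k = re.sub(r"^(hkcu|hklm|hkey_[a-z_]+)\\", "", k)
    return k.replace("wow6432node\\", "")


def classify(event):
    """Return the signature name an event triggers, or None."""
    k = _norm(event.key)
    if event.op == "query" and k.startswith(GEO_KEYS):
        return SIG_GEO
    # A Run-key write needs a value name: that is the autostart entry being added.
    if event.op == "set" and k in RUN_KEYS and event.value:
        return SIG_RUN
    if event.op == "enum" and k.startswith(UNINSTALL_KEYS):
        return SIG_UNINSTALL
    return None


def signatures(events):
    """Map each pid to the set of signature names it triggered."""
    hits = {}
    for e in events:
        name = classify(e)
        if name:
            hits.setdefault(e.pid, set()).add(name)
    return hits


def matches_stealer_profile(hits, pid):
    """True when one process shows all three behaviours, the combination the
    report lists for this sample. Any one alone is weak evidence: installers
    enumerate Uninstall keys and many legitimate apps add Run entries."""
    return {SIG_GEO, SIG_RUN, SIG_UNINSTALL} <= hits.get(pid, set())


if __name__ == "__main__":
    found = signatures(parse_log(SAMPLE_LOG))
    for pid, names in sorted(found.items()):
        flag = "STEALER-LIKE" if matches_stealer_profile(found, pid) else "partial"
        print(pid, flag, sorted(names))
```

Matching on the combination rather than on single events is the point of the last function: the Uninstall enumeration and the Run key write are each common in benign software, and only their co-occurrence with the country-code lookup in one process approaches the profile the report describes.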

MITRE ATT&CK Enterprise v6

Tasks