Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856

  • Size

    4.5MB

  • Sample

    220918-17t9tscbf7

  • MD5

    116ad7e88ec60629de63ceeed72ca6f0

  • SHA1

    9cf771b5ad3a5c18679827337261b9a7b0a586cd

  • SHA256

    8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856

  • SHA512

    ecb5baf8a69125a27c0b381904d69f4046ee9e5a29557cb70614a32c95ea3c254b1e71f6ffcd2fba5ccc5df7c6740a2ac29b232b2c6f89ad037466c5cf7ec1cd

  • SSDEEP

    98304:4+jjU7ShrX3uJXPhcHWSbjZxTap3mnR9zjMn:XfzhrX8c2WVxTamn7z

Score
10/10
redlineimhotepinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

IMHOTEP

C2

185.215.113.217:19618

Attributes
  • auth_value

    6ab091fd3a77232d89f167fd3318223a

Targets

    • Target

      8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856

    • Size

      4.5MB

    • MD5

      116ad7e88ec60629de63ceeed72ca6f0

    • SHA1

      9cf771b5ad3a5c18679827337261b9a7b0a586cd

    • SHA256

      8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856

    • SHA512

      ecb5baf8a69125a27c0b381904d69f4046ee9e5a29557cb70614a32c95ea3c254b1e71f6ffcd2fba5ccc5df7c6740a2ac29b232b2c6f89ad037466c5cf7ec1cd

    • SSDEEP

      98304:4+jjU7ShrX3uJXPhcHWSbjZxTap3mnR9zjMn:XfzhrX8c2WVxTamn7z

    Score
    10/10
    redlineimhotepinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks