General

  • Target: 8030496154.zip
  • Size: 3.6MB
  • Sample: 220923-pjt4dagfe2
  • MD5: f41ed49eae48090e080537778600f33a
  • SHA1: c05a485d43c161511abf3f81cddcb9daee43b8b8
  • SHA256: 88ad4dfc05f375f97a5ba9b10a8d5d6222cfa1250841ccc5dfe9189c09ad73d2
  • SHA512: b2c1f92622db96b156412f8b7ed0db29300bf0894299dcd63c7cddd7ff534c6753a8db75ec494d0a16cbf09156979d055685a8f5a832c8b01357c79bf5239d35
  • SSDEEP: 98304:V2DKkQIE1lubSgUiwu1s76KMSbakXpV9ITgdAzQ8tjQD4+:W3jXXUfu1cMFkXPxdAzltj44+

Malware Config

Extracted

  • Family: redline
  • Botnet: sp-19
  • C2: 38.91.100.57:32750
  • Attributes
      • auth_value: 7d992d9714ca3423d5efee4459c460c8

Targets

    • Target: 87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5
    • Size: 3.8MB
    • MD5: 5297fc3e53d37d8d673c038dc55efebd
    • SHA1: f78c4cc2fa80af00cd84128a8a4bcd54b6768206
    • SHA256: 87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5
    • SHA512: 10ade61bbbafadb2cbe9726aaf445e3e3d02cfd36ae86b294c083ac5dd0a5e6fe8fbc421814f5438fd16601c19626f195df4a72eb9f98a06b9a7e1e6d3c19657
    • SSDEEP: 98304:jJoqfS4A/EKZcD0X3lkRtWopFrdTQAI42+:NRFpD0X32GkdTQD4

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access
  • Credentials in Files (T1081): 1

Discovery
  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Collection
  • Data from Local System (T1005): 1
