Overview

overview

10

Static

static

6f7e3df96a...1c.exe

windows7-x64

10

6f7e3df96a...1c.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6f7e3df96a32a5f357bd78b64c25abfb53fa810a75df815734c7d230fd16c81c

  • Size

    281KB

  • Sample

    221003-j96l7sehd3

  • MD5

    07ea6fc965cda2b47463f1161a82c3d3

  • SHA1

    baa6cbe6c6917481823835012caa9ec44b821b69

  • SHA256

    6f7e3df96a32a5f357bd78b64c25abfb53fa810a75df815734c7d230fd16c81c

  • SHA512

    54efebb8e8bfa780168f809a47cecbe88391fb9ef5d630a78e43ff6d41b0a5ac7ba1425859b820ef227b05ab5cfe653fdc674032b3157dc66ffa1ea73049a58d

  • SSDEEP

    3072:IhDGsORb4LiR4ypBFvycxuTA/SPAZkNbM1AHYXQqkoG3Z3KBb527qMRB35TXKggq:mi+8qvSSIyNM1YPoeVKBZOJDTmqKxq9

Score
10/10
redline20221001discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

20221001

C2

89.22.235.53:16640

Attributes
  • auth_value

    7c7a8658971281de82db43a3b9284d97

Targets

    • Target

      6f7e3df96a32a5f357bd78b64c25abfb53fa810a75df815734c7d230fd16c81c

    • Size

      281KB

    • MD5

      07ea6fc965cda2b47463f1161a82c3d3

    • SHA1

      baa6cbe6c6917481823835012caa9ec44b821b69

    • SHA256

      6f7e3df96a32a5f357bd78b64c25abfb53fa810a75df815734c7d230fd16c81c

    • SHA512

      54efebb8e8bfa780168f809a47cecbe88391fb9ef5d630a78e43ff6d41b0a5ac7ba1425859b820ef227b05ab5cfe653fdc674032b3157dc66ffa1ea73049a58d

    • SSDEEP

      3072:IhDGsORb4LiR4ypBFvycxuTA/SPAZkNbM1AHYXQqkoG3Z3KBb527qMRB35TXKggq:mi+8qvSSIyNM1YPoeVKBZOJDTmqKxq9

    Score
    10/10
    redline20221001discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks