General

  • Target

    malware_smoke_3486898020

  • Size

    576KB

  • Sample

    221004-b8t8sagbbr

  • MD5

    0182b08a0baec057442e99f6d9a2f92e

  • SHA1

    456d10c6d05c905437522a120de811da18005d91

  • SHA256

    304eaba1cf03d198a719831d4a3c41eacb999ff0398192fb51b88a35e6803e8a

  • SHA512

    dd0d5b8bfc0b018c08c09c7fbadaade721729ad902950ff60117f7786fc95abe3b16c9333e8b1662b1d656a5785888ea7c35b8e41bb37bdbc62b0e25e7da6a85

  • SSDEEP

    12288:+i9oxCwb5PyrtmqQsp9QS03ULaHNqrxlKIQNo701uKWcdlPmNFT7yLs:1ACw1yp9Q2kEaHNYK3XuZS9sx7y4

Malware Config (Extracted)

  • Family

    redline

  • Botnet

    5076357887

  • C2

    5.61.50.222:2575

  • Attributes

    auth_value: b1022b77a8ea3300a254df573b6fd16e

Targets

    • Target

      malware_smoke_3486898020

    • Size

      576KB

    • MD5

      0182b08a0baec057442e99f6d9a2f92e

    • SHA1

      456d10c6d05c905437522a120de811da18005d91

    • SHA256

      304eaba1cf03d198a719831d4a3c41eacb999ff0398192fb51b88a35e6803e8a

    • SHA512

      dd0d5b8bfc0b018c08c09c7fbadaade721729ad902950ff60117f7786fc95abe3b16c9333e8b1662b1d656a5785888ea7c35b8e41bb37bdbc62b0e25e7da6a85

    • SSDEEP

      12288:+i9oxCwb5PyrtmqQsp9QS03ULaHNqrxlKIQNo701uKWcdlPmNFT7yLs:1ACw1yp9Q2kEaHNYK3XuZS9sx7y4

    • Signatures

      RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)

      RedLine payload

      Suspicious use of SetThreadContext
