General

  • Target: 22-7379bbd5a1cd0eb22a5dadc206074e2fc053692cd1e665cf569ddf9fa3b3fbcc.zip
  • Size: 1.3MB
  • Sample: 221012-sqbr6ahba6
  • MD5: 31c2c27c587c280b101747b07b588437
  • SHA1: f7de806804525b8d97911511a25e50d1fc988a4f
  • SHA256: c5b9411a4e1abd76be5b321425b09412e6ab004c927d5c52475ed6e01d0c7923
  • SHA512: 4197dcd6cf763045ec7cfa29e984d52ebcaed0f8e835c57a16641d5322eadbcc083c7586b179d9218557b99d5c0beb775c8a6d9207792ae6c6c995a1a6f068ee
  • SSDEEP: 24576:QXlSOfA/bd3TAYW4VPpYD78NxE/ClR+FdfY0d2rzB+EBAY3xVETjtGiKnlKQ:C8xbd30YW4PYENxE/+R+FvAd+vY3xVY6

Malware Config

Extracted

  • Family: redline
  • Botnet: WS-30
  • C2: 38.91.100.57:32750
  • Attributes
    • auth_value: 28ec3879b1ff499f6d9b6d3735d23e33

Targets

    • Target: WhatsApp/WhatsApp.exe
    • Size: 700.0MB
    • MD5: eed6f462fa1726e08e0484b390ca06b0
    • SHA1: 8e70784980600025bbc4fa69498e001c65455a8e
    • SHA256: 658b0fd44002ad353d0cf9cb604e9b8cfcad04a3d221c5133bcf6872bca73577
    • SHA512: af67542f607afbe0f00de61c4d672b2736a375bd484d445cdd4c1e76407467babdb633849f16bbe411cd87f4194ba4024cdca82a1f8d58339c10d4c972903b9e
    • SSDEEP: 12288:Fwe20JjM2oJNVmnWZQzjFeM6DJOjB9sTTHyW8PCVmGZqfOTP/cBtApi2b3r:FnRqVmnYQb6VOKyKg6b3r

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext
