Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Resubmissions

20/10/2022, 13:55

221020-q78gcagef9 10

20/10/2022, 12:49

221020-p2cbaaedc9 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.6MB

  • Sample

    221020-p2cbaaedc9

  • MD5

    e251d4a4fc7fd8628573e6f0e8c946e3

  • SHA1

    db0745fd48ef2ba8b07986356d27fd2c54292d09

  • SHA256

    98999d2d726981c9f225d175dddc5c9a9c98a7b9716fe517d158c1cfdfcbc6fc

  • SHA512

    a69e3bbbeb0f9835ef0a51a34b72551c5e913f1e2a97eec78ad9345d9e1b4b352e0a8d26f2744ded94cd94b43edf2ce3832b382d15272ecdd1e1bdf4d716286f

  • SSDEEP

    24576:OryZxbMZfJ71qlWsxp4cpYOYVqAk/bdM2rAyx+dolv6ZGPHPAGLY/r6TqCnAoWSH:IyZtscp4afPHPqrA1AoWSkS+Tl3Q

Score
10/10
redline1310infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes
  • auth_value

    feb5f5c29913f32658637e553762a40e

Targets

    • Target

      file.exe

    • Size

      2.6MB

    • MD5

      e251d4a4fc7fd8628573e6f0e8c946e3

    • SHA1

      db0745fd48ef2ba8b07986356d27fd2c54292d09

    • SHA256

      98999d2d726981c9f225d175dddc5c9a9c98a7b9716fe517d158c1cfdfcbc6fc

    • SHA512

      a69e3bbbeb0f9835ef0a51a34b72551c5e913f1e2a97eec78ad9345d9e1b4b352e0a8d26f2744ded94cd94b43edf2ce3832b382d15272ecdd1e1bdf4d716286f

    • SSDEEP

      24576:OryZxbMZfJ71qlWsxp4cpYOYVqAk/bdM2rAyx+dolv6ZGPHPAGLY/r6TqCnAoWSH:IyZtscp4afPHPqrA1AoWSkS+Tl3Q

    Score
    10/10
    redline1310infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks