General

  • Target

    3a3538c69497117eed0c401d2885cc81f48caac0074846296251696ecc7c39a7

  • Size

    1.7MB

  • Sample

    221030-xatp9afahq

  • MD5

    2220737b0dbdfb560ce1b2139dc43dda

  • SHA1

    bfabc73179ffc17922e5648759172d254eae0cf4

  • SHA256

    4f00b00b2d2ce1ded6a266c9c0a999d81428c7f818df41eece26010da4b9a1bf

  • SHA512

    e12211af300d4996ae04179cf720c4f55d7d640218d4f7c85a33d41e964e7fe64e59afc3fb9d99a221d2829bef35bfd7af38645dc6d012fd156e6c0ac4900a32

  • SSDEEP

    49152:Fl2X9C4WE8Focc0VSE1MSjxy/V/rRnsnGN:Fl2N92SE17E/VjRsnGN

Malware Config

Extracted

  • Family

    redline

  • Botnet

    1310

  • C2

    79.137.192.57:48771

  • Attributes

    • auth_value

      feb5f5c29913f32658637e553762a40e

Targets

    • Target

      3a3538c69497117eed0c401d2885cc81f48caac0074846296251696ecc7c39a7

    • Size

      2.5MB

    • MD5

      37d57f7ed22713bb64c248e865beab23

    • SHA1

      bb6a150d5b5353e7d785b9e3f15ddb1d60db0612

    • SHA256

      3a3538c69497117eed0c401d2885cc81f48caac0074846296251696ecc7c39a7

    • SHA512

      e9dbfe5de8b046489771f2dafad54ac0591aa5c69ad68c5450e6f5519a8cf396a44f096ae85ffa05ae1af272c8eb1ed2a4b7d1c98ba2dde565f3d56d49cb6c4f

    • SSDEEP

      49152:Duz9O+na8s0uEaPZRpcmsVsCNMSh/y/RVpRnQXz2:DuhOMsGaPZRNesCNZ6/RfRQXz2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks