Overview

overview

10

Static

static

30757d645e...72.exe

windows7-x64

10

30757d645e...72.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    30757d645e25fb8ee4871ceface19772.exe

  • Size

    2.4MB

  • Sample

    221102-xgbs1sdedm

  • MD5

    30757d645e25fb8ee4871ceface19772

  • SHA1

    e21abb5ecefd8f9c9ad5f30c27ef3de913b47ed2

  • SHA256

    53a346abbdc2c926034a024aee8a4b794edb4430826489486ad0dc46d1352d41

  • SHA512

    226f96d3d36e70788a9b2019331fd29cbabfad994c31f3fda09d02304b246638caabf5623e66e870e3f9077f170286fa9cf4693f266be3a1dd17dc130f2378df

  • SSDEEP

    49152:lIgOhjpeuUTmDyXv2KT0MIrCHvn9MJ7Im7uAYHsJd0ChzzI7MVHvwWjNM:lIgOhjpeuUTmDKvG4viGm6qdU0HFNM

Score
10/10
redlinetestiruemlnkinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

Testiruemlnk

C2

195.2.79.103:29071

Attributes
  • auth_value

    cb1bbd476d42e2e79ff5d2349388d6ae

Targets

    • Target

      30757d645e25fb8ee4871ceface19772.exe

    • Size

      2.4MB

    • MD5

      30757d645e25fb8ee4871ceface19772

    • SHA1

      e21abb5ecefd8f9c9ad5f30c27ef3de913b47ed2

    • SHA256

      53a346abbdc2c926034a024aee8a4b794edb4430826489486ad0dc46d1352d41

    • SHA512

      226f96d3d36e70788a9b2019331fd29cbabfad994c31f3fda09d02304b246638caabf5623e66e870e3f9077f170286fa9cf4693f266be3a1dd17dc130f2378df

    • SSDEEP

      49152:lIgOhjpeuUTmDyXv2KT0MIrCHvn9MJ7Im7uAYHsJd0ChzzI7MVHvwWjNM:lIgOhjpeuUTmDKvG4viGm6qdU0HFNM

    Score
    10/10
    redlinetestiruemlnkinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks