Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    348KB

  • Sample

    221109-mlhr1sgab7

  • MD5

    bb8be3118ea359f82113e51fa7ad27f8

  • SHA1

    e15987c62de928eed548d180359ffdad16a7eecd

  • SHA256

    c852a4667cd669458b5511fbc5d272b4a4451f1e6f0f7831943969d1fc2aa319

  • SHA512

    367d66aa0aae164d443d76765d1fe6d829abb781cc28cbfdab43fb3728a8a26d0b8f04c45a2cd01b5711421e8e4d4a379f587b485412fd91cad3fe0dd2cfdeab

  • SSDEEP

    6144:DVXgXfr23vQU5nNHSJoBuZVu3irlceaBDlX3hpAO48Ub:RgXfr0NHpufuSpBa9lhpfw

Score
10/10
redlinenew1109infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

new1109

C2

jalocliche.xyz:81

chardhesha.xyz:81
Attributes
  • auth_value

    4e1b0eea6916e5eec6474516190b3725

Targets

    • Target

      file.exe

    • Size

      348KB

    • MD5

      bb8be3118ea359f82113e51fa7ad27f8

    • SHA1

      e15987c62de928eed548d180359ffdad16a7eecd

    • SHA256

      c852a4667cd669458b5511fbc5d272b4a4451f1e6f0f7831943969d1fc2aa319

    • SHA512

      367d66aa0aae164d443d76765d1fe6d829abb781cc28cbfdab43fb3728a8a26d0b8f04c45a2cd01b5711421e8e4d4a379f587b485412fd91cad3fe0dd2cfdeab

    • SSDEEP

      6144:DVXgXfr23vQU5nNHSJoBuZVu3irlceaBDlX3hpAO48Ub:RgXfr0NHpufuSpBa9lhpfw

    Score
    10/10
    redlinenew1109infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks