Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    504KB

  • Sample

    221111-cayzraabdj

  • MD5

    c8d4d2a19b9cbf6266f47a0fcc87a1a0

  • SHA1

    932867e770a3829bc70b2a00122d7dc5cf3f44b9

  • SHA256

    187cb39f278b18e3d77c8132d18dc34d67ebb7763d14487e63f866767ef978d8

  • SHA512

    311db65a97824c9e40a032cc8f1b8884e7a0462e26fd05bb71a43a68e2fdb4f40c949d101363551a398a73a14d1cbcf14f973ac0665f7ed571b63fa19b40aa08

  • SSDEEP

    6144:2drK7NgLt1bJD0T7MzxSoViF6v4Rm9E3YaXdyDt1wCWXwOu1ql:2dhp1bJoHMzzMF6wRaE3YawxOUql

Score
10/10
redlineneruzkidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

neruzki

C2

193.106.191.22:47242

Attributes
  • auth_value

    be14ae67c6dd227f622680a27ea42452

Targets

    • Target

      file

    • Size

      504KB

    • MD5

      c8d4d2a19b9cbf6266f47a0fcc87a1a0

    • SHA1

      932867e770a3829bc70b2a00122d7dc5cf3f44b9

    • SHA256

      187cb39f278b18e3d77c8132d18dc34d67ebb7763d14487e63f866767ef978d8

    • SHA512

      311db65a97824c9e40a032cc8f1b8884e7a0462e26fd05bb71a43a68e2fdb4f40c949d101363551a398a73a14d1cbcf14f973ac0665f7ed571b63fa19b40aa08

    • SSDEEP

      6144:2drK7NgLt1bJD0T7MzxSoViF6v4Rm9E3YaXdyDt1wCWXwOu1ql:2dhp1bJoHMzzMF6wRaE3YawxOUql

    Score
    10/10
    redlineneruzkidiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks