Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.3MB

  • Sample

    221111-cbjlfsgbc8

  • MD5

    cf529426ce8cfb27cfd984e0bc9a8b31

  • SHA1

    692b82e21c1044c0dd912a46ee0e738023fe0aef

  • SHA256

    d2ba0142c9e17b43feba80b43844f8ee44d9c19b22d21470eb379eb946c76582

  • SHA512

    ad11c5a80befb17095f0edc4520957665d79f21e1aa345df6c03271b55d21f87d237abe6eaf709ba8cc06e7f61888a69f20128b54ee32a906a0951271a2eb15c

  • SSDEEP

    24576:gbHgdU4LoV4azY6YOLxt8XMlkk6ZAVbx9gEpnCvunMDJBF:gbHgdUjV4huwvunKF

Score
10/10
redline1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

176.124.201.56:25784

Attributes
  • auth_value

    54d955dfbd035e7951a8675abb7f0e29

Targets

    • Target

      file.exe

    • Size

      1.3MB

    • MD5

      cf529426ce8cfb27cfd984e0bc9a8b31

    • SHA1

      692b82e21c1044c0dd912a46ee0e738023fe0aef

    • SHA256

      d2ba0142c9e17b43feba80b43844f8ee44d9c19b22d21470eb379eb946c76582

    • SHA512

      ad11c5a80befb17095f0edc4520957665d79f21e1aa345df6c03271b55d21f87d237abe6eaf709ba8cc06e7f61888a69f20128b54ee32a906a0951271a2eb15c

    • SSDEEP

      24576:gbHgdU4LoV4azY6YOLxt8XMlkk6ZAVbx9gEpnCvunMDJBF:gbHgdUjV4huwvunKF

    Score
    10/10
    redline1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks