Overview

overview

10

Static

static

af9ead6dc5...82.exe

windows7-x64

10

af9ead6dc5...82.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af9ead6dc54cbcc5c8caf2d1c1f97fa282b233da6ddf7615243312c487ca0882.exe

  • Size

    340KB

  • Sample

    221111-xwmttsab33

  • MD5

    cdeb8b2eeb91155aa86c28286bd129bb

  • SHA1

    f2b9227500cd53b5337a116ca9c37c3f63716b07

  • SHA256

    af9ead6dc54cbcc5c8caf2d1c1f97fa282b233da6ddf7615243312c487ca0882

  • SHA512

    3e179227c0dd4995a6e141eff4af9e0d42b2e664b43f7b4bef89f4eab1543487267f72a50ccee8007449d41a1406bb2efbd39cf3907fb9b617f81ed6281a9a37

  • SSDEEP

    6144:2IuKLaoiodWsTHEHMaQC3jpTxdY4UrtAUWZhdhtBPboS8R:2rKlDdWsTHLV4jzdY4+AUWZXBMT

Score
10/10
redlineneruzkidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

neruzki

C2

193.106.191.22:47242

Attributes
  • auth_value

    be14ae67c6dd227f622680a27ea42452

Targets

    • Target

      af9ead6dc54cbcc5c8caf2d1c1f97fa282b233da6ddf7615243312c487ca0882.exe

    • Size

      340KB

    • MD5

      cdeb8b2eeb91155aa86c28286bd129bb

    • SHA1

      f2b9227500cd53b5337a116ca9c37c3f63716b07

    • SHA256

      af9ead6dc54cbcc5c8caf2d1c1f97fa282b233da6ddf7615243312c487ca0882

    • SHA512

      3e179227c0dd4995a6e141eff4af9e0d42b2e664b43f7b4bef89f4eab1543487267f72a50ccee8007449d41a1406bb2efbd39cf3907fb9b617f81ed6281a9a37

    • SSDEEP

      6144:2IuKLaoiodWsTHEHMaQC3jpTxdY4UrtAUWZhdhtBPboS8R:2rKlDdWsTHLV4jzdY4+AUWZXBMT

    Score
    10/10
    redlineneruzkidiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks