Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    366KB

  • Sample

    221116-h1hckshf36

  • MD5

    7bc7ff57dcc8d9be40b37676bc222f56

  • SHA1

    0fd788031ef1e7c74f86e0742132bc0be672d8e5

  • SHA256

    8dc87ddb1bb5657792603d09bd41b705ee4f6917bea8aeba74ca0c9f9c17ad7e

  • SHA512

    ef0c9c4f0bfff5c08dd50f6c2aa9f30b7ac72f36df813cdc951eda5f3223c59452e753f3b0a038126529c03f51dd69e5204639c2c073dcc5a7a078220ac9717f

  • SSDEEP

    6144:/WaHBLe0G5VdeTdQeeN9FLOlXNIOv29yY051RiFhHd0k05rkWLwyP:+ahC0G5ykIlSO2wREd0kq7

Score
10/10
redlineneruzdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

neruz

C2

193.106.191.27:47242

Attributes
  • auth_value

    0169a8759f3c9be473f782b96a6ff704

Targets

    • Target

      file.exe

    • Size

      366KB

    • MD5

      7bc7ff57dcc8d9be40b37676bc222f56

    • SHA1

      0fd788031ef1e7c74f86e0742132bc0be672d8e5

    • SHA256

      8dc87ddb1bb5657792603d09bd41b705ee4f6917bea8aeba74ca0c9f9c17ad7e

    • SHA512

      ef0c9c4f0bfff5c08dd50f6c2aa9f30b7ac72f36df813cdc951eda5f3223c59452e753f3b0a038126529c03f51dd69e5204639c2c073dcc5a7a078220ac9717f

    • SSDEEP

      6144:/WaHBLe0G5VdeTdQeeN9FLOlXNIOv29yY051RiFhHd0k05rkWLwyP:+ahC0G5ykIlSO2wREd0kq7

    Score
    10/10
    redlineneruzdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks