Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    543KB

  • Sample

    221117-azzlgadd58

  • MD5

    b31f6ab3a6d23de685661ac8cc639876

  • SHA1

    f8879425aa286233874a91860983bee0989e6501

  • SHA256

    ee4977a66fcaa514ea275ecd43bbf0fe9c91816941ed56d0e2b28366a1d6934c

  • SHA512

    ef7a984f21f3a283f64b1cbc5fcca7302ad30e50adbeaacd52aa58abf254392454585c3723eecc653f0e1ceef718661f8b62646f959d7d518e5c1ac594900d16

  • SSDEEP

    12288:o2VvVW6VFlI0xWpSAmPKvzCP5f4F6uuKSdiQgSeTCry:lVvVWElpxWpWS7i5fHuqgSiCr

Score
10/10
redlinehuilodiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

huilo

C2

193.106.191.27:47242

Attributes
  • auth_value

    d5c84207821bb2a40d836bae8ebb8d55

Targets

    • Target

      file

    • Size

      543KB

    • MD5

      b31f6ab3a6d23de685661ac8cc639876

    • SHA1

      f8879425aa286233874a91860983bee0989e6501

    • SHA256

      ee4977a66fcaa514ea275ecd43bbf0fe9c91816941ed56d0e2b28366a1d6934c

    • SHA512

      ef7a984f21f3a283f64b1cbc5fcca7302ad30e50adbeaacd52aa58abf254392454585c3723eecc653f0e1ceef718661f8b62646f959d7d518e5c1ac594900d16

    • SSDEEP

      12288:o2VvVW6VFlI0xWpSAmPKvzCP5f4F6uuKSdiQgSeTCry:lVvVWElpxWpWS7i5fHuqgSiCr

    Score
    10/10
    redlinehuilodiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks