redline | 0e424bb0f29838fb3cdae035791dc2e44c98a9706405a373093c6b7fb40b0e82 | Triage

Submit
Reports

Overview

overview

Static

static

unpacked-c439.exe

windows7-x64

1

unpacked-c439.exe

windows10-2004-x64

6

Sharing

General

Target

unpacked-c439.bin
Size

160KB
Sample

221120-nvpglafa6x
MD5

7f0e3a7aaa85e58689553f6588f2d15a
SHA1

0fa57e2adc692b748d660684ecdac10910224a12
SHA256

0e424bb0f29838fb3cdae035791dc2e44c98a9706405a373093c6b7fb40b0e82
SHA512

2ccb6260cd971b50606fa31be603487c3f25bb5fce5d2723db7319358424bd7a7aacba38488e94e859e75d9d1e46cd37c0fa9dde2ed33d47e6c704277ef85d91
SSDEEP

1536:NHGETCdtRendDOACO/H65LmLu27VGhgNk43pfAUOxBObuc+TTPji490wuei1Qb32:BGEMuDCQL97HNkEAFxBaF0Xi49hviP

Score

10^/10

redline microsoft persistence phishing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

unpacked-c439.exe

Resource

win7-20221111-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

unpacked-c439.exe

Resource

win10v2004-20220812-en

microsoft persistence phishing

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

193.106.191.160:8673

Attributes

auth_value
6988f8340a66b40e87fa1375bd2f916c

Targets

- Target
  
  unpacked-c439.bin
- Size
  
  160KB
- MD5
  
  7f0e3a7aaa85e58689553f6588f2d15a
- SHA1
  
  0fa57e2adc692b748d660684ecdac10910224a12
- SHA256
  
  0e424bb0f29838fb3cdae035791dc2e44c98a9706405a373093c6b7fb40b0e82
- SHA512
  
  2ccb6260cd971b50606fa31be603487c3f25bb5fce5d2723db7319358424bd7a7aacba38488e94e859e75d9d1e46cd37c0fa9dde2ed33d47e6c704277ef85d91
- SSDEEP
  
  1536:NHGETCdtRendDOACO/H65LmLu27VGhgNk43pfAUOxBObuc+TTPji490wuei1Qb32:BGEMuDCQL97HNkEAFxBaF0Xi49hviP
Score

6^/10

microsoft persistence phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing

© 2018-2024

Terms | Privacy