Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    217KB

  • Sample

    221123-pxb5qacd82

  • MD5

    b0c5c151249d7428e03945e616140b72

  • SHA1

    f6c590bd2a41ce149bdcc0e7715a046593da3fd0

  • SHA256

    a551f426ce655d03096a708ffd0fdec2f2a73900ce7a2688669dd652373711d5

  • SHA512

    ce9bdfb7f8e08d676c59fd5ed68db34db3d524647e6ee7ef0ab37f742b0f8c4eb8750fd613a1d5cf20d7f52997e9c67d6e22d0e9a363669359483579ee5b74a8

  • SSDEEP

    3072:EW84v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:EWfvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE

Score
10/10
redline@madboyzainfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes
  • auth_value

    9bfce7bfb110f8f53d96c7a32c655358

Targets

    • Target

      file.exe

    • Size

      217KB

    • MD5

      b0c5c151249d7428e03945e616140b72

    • SHA1

      f6c590bd2a41ce149bdcc0e7715a046593da3fd0

    • SHA256

      a551f426ce655d03096a708ffd0fdec2f2a73900ce7a2688669dd652373711d5

    • SHA512

      ce9bdfb7f8e08d676c59fd5ed68db34db3d524647e6ee7ef0ab37f742b0f8c4eb8750fd613a1d5cf20d7f52997e9c67d6e22d0e9a363669359483579ee5b74a8

    • SSDEEP

      3072:EW84v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:EWfvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE

    Score
    10/10
    redline@madboyzainfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks