Overview

overview

10

Static

static

10

3bb977fda5...60.exe

windows7-x64

10

3bb977fda5...60.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3bb977fda504647a2f21a19b67c3edf91ea1eb35166258164eb89b8ae1603c60

  • Size

    137KB

  • Sample

    221129-a9b8xseb77

  • MD5

    0a793a6b9941c49675a47a2bc91cb420

  • SHA1

    ff051cc2d9cf081e863f5bb8c3d2449c28f12c7f

  • SHA256

    3bb977fda504647a2f21a19b67c3edf91ea1eb35166258164eb89b8ae1603c60

  • SHA512

    fd695f62ef32f79f3b4e5c57c68056b004355d5a16e6558bfb310f8ded03c837fe5f505f5a4f433a740fa0b980a71962571c3dd4ed86d95146a22f126850dc36

  • SSDEEP

    3072:zYO/ZMTFXn+IILj04nfwE64jTpWFByRPOhmSSU6s:zYMZMBXnbI8CfwwpvpOhI

Score
10/10
redlinelegediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Lege

C2

31.41.244.14:4694

Attributes
  • auth_value

    096090aaf3ba0872338140cec5689868

Targets

    • Target

      3bb977fda504647a2f21a19b67c3edf91ea1eb35166258164eb89b8ae1603c60

    • Size

      137KB

    • MD5

      0a793a6b9941c49675a47a2bc91cb420

    • SHA1

      ff051cc2d9cf081e863f5bb8c3d2449c28f12c7f

    • SHA256

      3bb977fda504647a2f21a19b67c3edf91ea1eb35166258164eb89b8ae1603c60

    • SHA512

      fd695f62ef32f79f3b4e5c57c68056b004355d5a16e6558bfb310f8ded03c837fe5f505f5a4f433a740fa0b980a71962571c3dd4ed86d95146a22f126850dc36

    • SSDEEP

      3072:zYO/ZMTFXn+IILj04nfwE64jTpWFByRPOhmSSU6s:zYMZMBXnbI8CfwwpvpOhI

    Score
    10/10
    redlinelegediscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks