Overview

overview

10

Static

static

SecuriteIn...38.exe

windows7-x64

10

SecuriteIn...38.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.8691.938.exe

  • Size

    216KB

  • Sample

    221129-w6mfdahb2w

  • MD5

    f8e7a76a16a7a6b0793c9260df05b06c

  • SHA1

    e7c8af11bcd065b47ab982264a25be38cbd31934

  • SHA256

    626e07226e9f06b1b086dd799a3662bddd61d387fc2c098496e872b739d3c1b2

  • SHA512

    ed51d4d8799e1cc99eeaa491812b5fe2b219ebefe750b6fe95ed34778327ae5f73bba3e9247906e8ab71ae5aec931013223b59c70d002d30d1a33cef6cfde1ee

  • SSDEEP

    3072:1hbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:6CxGNp7FUyf2AhZjwINut

Score
10/10
redline@p1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes
  • auth_value

    54c79ce081122137049ee07c0a2f38ab

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.8691.938.exe

    • Size

      216KB

    • MD5

      f8e7a76a16a7a6b0793c9260df05b06c

    • SHA1

      e7c8af11bcd065b47ab982264a25be38cbd31934

    • SHA256

      626e07226e9f06b1b086dd799a3662bddd61d387fc2c098496e872b739d3c1b2

    • SHA512

      ed51d4d8799e1cc99eeaa491812b5fe2b219ebefe750b6fe95ed34778327ae5f73bba3e9247906e8ab71ae5aec931013223b59c70d002d30d1a33cef6cfde1ee

    • SSDEEP

      3072:1hbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:6CxGNp7FUyf2AhZjwINut

    Score
    10/10
    redline@p1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks