Overview

overview

10

Static

static

e85eb2e267...31.exe

windows7-x64

10

e85eb2e267...31.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e85eb2e2678d8591cca5815b265a24c1578d115de282380c02a83c756b478a31

  • Size

    138KB

  • Sample

    221205-rx2fqacg3x

  • MD5

    3b24474846677189dbf7f79e8389ddf1

  • SHA1

    3fe73bc04fb0ef5d4ab115e80b40fdc5a0d806c6

  • SHA256

    4536bda8f367fb61325c5a651f16064b118e70b8ef10b2a936862607fa06e7b0

  • SHA512

    00e5abee3bae27ff993fa82c5efd5f8bbc2abdb1663dfd59eeb43a041ed4daded2dc030f36a679eded82726bf1f79be3663745a412d651ce9b806470559bbd5f

  • SSDEEP

    3072:voq6m4T5A/pxXSAWp4PYOee/P2Y2iWkIVVku1cz5acs/qohfp6l:voq6m4T5qpNnWOTee/qU6Vku1yaf/qoI

Score
10/10
redline@p1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes
  • auth_value

    54c79ce081122137049ee07c0a2f38ab

Targets

    • Target

      e85eb2e2678d8591cca5815b265a24c1578d115de282380c02a83c756b478a31

    • Size

      217KB

    • MD5

      f9a3d6f2837cc1bed784a815ee6c9279

    • SHA1

      4efd65d9c20eecaa9e2d30de9f1ad26136a73711

    • SHA256

      e85eb2e2678d8591cca5815b265a24c1578d115de282380c02a83c756b478a31

    • SHA512

      43b755099d781ee4998acfc9338fb95e7569c138765c0827a2b05a57c3c2a8e6bd6ff7fb2dbc33d3ba05f5e97f438087c6973b99b9e242be9c91c84ab093ad05

    • SSDEEP

      3072:eliReiFzW0qu7b4ee8fwmGzPMWxS+bsqLCX3knb95IcWdXCY9bTAIrFldT0cYxO:eliRewNveMwTDM4RVCkbSCY9f1b

    Score
    10/10
    redline@p1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks