General

  • Target

    file.exe

  • Size

    1.0MB

  • Sample

    221206-r5vm5sgb52

  • MD5

    956ca08ee57be73ac0553ee9d746c2ab

  • SHA1

    1cadb0b1c309a084b6d750cbdbe17d61e7d5af6d

  • SHA256

    055d83bcccec065b499934243c2e13fce770eb99e33f3718c3dff21410492cd8

  • SHA512

    e7c403179416b365862a30b171bd3c2fa171733185bc1bac4e0619c78252232c5701cc9288f4c3d3a97a929904f50b8dc4f4aa28db8b41cb722dc33c07d7a9e0

  • SSDEEP

    12288:MBTrkSnXEjuI++KnE9gTHGaFbudB9AfXmYorqVhbBi:KTrkSnXYuEaTHdIAfXmJrqVhb8

Malware Config

Extracted

  • Family

    redline

  • Botnet

    private

  • C2

    151.80.89.227:45878

  • Attributes

    auth_value: 60894ac4c1d4d6c9ffb36078809b8c34

Extracted

  • Family

    redline

  • Botnet

    06.12

  • C2

    81.161.229.143:26910

  • Attributes

    auth_value: 0061b5af99ee5ea0578c1fe360993853

Targets

    • Target

      file.exe

    • Size

      1.0MB

    • MD5

      956ca08ee57be73ac0553ee9d746c2ab

    • SHA1

      1cadb0b1c309a084b6d750cbdbe17d61e7d5af6d

    • SHA256

      055d83bcccec065b499934243c2e13fce770eb99e33f3718c3dff21410492cd8

    • SHA512

      e7c403179416b365862a30b171bd3c2fa171733185bc1bac4e0619c78252232c5701cc9288f4c3d3a97a929904f50b8dc4f4aa28db8b41cb722dc33c07d7a9e0

    • SSDEEP

      12288:MBTrkSnXEjuI++KnE9gTHGaFbudB9AfXmYorqVhbBi:KTrkSnXYuEaTHdIAfXmJrqVhb8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 2

Tasks