General

  • Target

    d6dfa354ae7f94da16a5cfe204937c6e.exe

  • Size

    25KB

  • Sample

    221206-xbrbhsda87

  • MD5

    d6dfa354ae7f94da16a5cfe204937c6e

  • SHA1

    7ab3d9fa5b90c32f6d0303e9cb05dda28b356e6f

  • SHA256

    6e3656810664d0e6a74f09a5fd3371e498fba1845d80324e15f9dee88a680948

  • SHA512

    3850df48370bbb921f2376f9659614fd494a186ad084e79d653cce43d26c1fe1e6979129538358d5b97e2f5bdedba0a3f6d1c38c4b06abac9d31a88357999431

  • SSDEEP

    192:2pNkxGLU2mkJ29bjf++HQ8mdi5JWv14UgLaDyuHnhWgN7asWrfsQlmqnaj8yikA:hxGLU2mkJ29O+HsgGc4HRN7E6loyNA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    gads

  • C2

    185.238.171.5:14444

  • Attributes

    auth_value: da6b2d49d41dfa428b9b0ade28cb316e

Targets

    • Target

      d6dfa354ae7f94da16a5cfe204937c6e.exe

    • Size

      25KB

    • MD5

      d6dfa354ae7f94da16a5cfe204937c6e

    • SHA1

      7ab3d9fa5b90c32f6d0303e9cb05dda28b356e6f

    • SHA256

      6e3656810664d0e6a74f09a5fd3371e498fba1845d80324e15f9dee88a680948

    • SHA512

      3850df48370bbb921f2376f9659614fd494a186ad084e79d653cce43d26c1fe1e6979129538358d5b97e2f5bdedba0a3f6d1c38c4b06abac9d31a88357999431

    • SSDEEP

      192:2pNkxGLU2mkJ29bjf++HQ8mdi5JWv14UgLaDyuHnhWgN7asWrfsQlmqnaj8yikA:hxGLU2mkJ29O+HsgGc4HRN7E6loyNA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Each entry lists the technique, its ATT&CK ID, and the number of matching signatures.

  • Defense Evasion

    Install Root Certificate (T1130): 1
    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

Tasks