Overview

overview

10

Static

static

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.exe

  • Size

    285KB

  • Sample

    221207-jnprkabd9x

  • MD5

    5cfa19fc5811fcaafd26de313f6a67d0

  • SHA1

    218b91b62ad4a5c42341d9fcf3ddffd561c7c5fb

  • SHA256

    320c3ab3a11d62f65a3922d89492b8bb40ca01388f00fe6b33e4b7ed5f359de7

  • SHA512

    97f4d53a06fa71b19d73e4caf2e6776d6c497d3a8a2ed47c316bb36903c3c9c9b43b027f814171b421a837c63afc520391478e43ad220db7145e089d8ac8d1a2

  • SSDEEP

    6144:y/qXUwga+F02VoLSBNiAQ3/MOXJeg9K4VcpwU9/PZisBJeZx:6qXUta+KLU+/JZeg0siPvBJeZx

Score
10/10
redlineyoutubediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Youtube

C2

94.130.25.22:7996

Attributes
  • auth_value

    6813bf51368103ee00321290e8b3d6d5

Targets

    • Target

      Setup.exe

    • Size

      285KB

    • MD5

      5cfa19fc5811fcaafd26de313f6a67d0

    • SHA1

      218b91b62ad4a5c42341d9fcf3ddffd561c7c5fb

    • SHA256

      320c3ab3a11d62f65a3922d89492b8bb40ca01388f00fe6b33e4b7ed5f359de7

    • SHA512

      97f4d53a06fa71b19d73e4caf2e6776d6c497d3a8a2ed47c316bb36903c3c9c9b43b027f814171b421a837c63afc520391478e43ad220db7145e089d8ac8d1a2

    • SSDEEP

      6144:y/qXUwga+F02VoLSBNiAQ3/MOXJeg9K4VcpwU9/PZisBJeZx:6qXUta+KLU+/JZeg0siPvBJeZx

    Score
    10/10
    redlineyoutubediscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks