Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    264KB

  • Sample

    221212-w92z8seh8v

  • MD5

    f30fdf64dbff6ade560a29894dfdb758

  • SHA1

    ecc9ec6b0d2e7b4385914b4ad22c2db4447c8789

  • SHA256

    def089cb330e10804e45b5eceb4702974cb9b2011b7160e0ce4c09efba53d6fb

  • SHA512

    8c31d393237779014f67c1c89d597f65c5470a8a98bd4ebeede296d13c722ebfaaefc79e5478475c06e7b50452291d2bab353a9bd97da73361a65adeeab64155

  • SSDEEP

    3072:jSovv6cGn/mfNzy473vg6pO3USAY00D2nxruIFjsXbafErXJKc:jSovyLOfNQCsUSAP/xrFeLafqXJKc

Score
10/10
redlineinstallinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

Install

C2

142.93.198.232:81

Attributes
  • auth_value

    f9affed97251c08e7a096257ba9edfb2

Targets

    • Target

      file.exe

    • Size

      264KB

    • MD5

      f30fdf64dbff6ade560a29894dfdb758

    • SHA1

      ecc9ec6b0d2e7b4385914b4ad22c2db4447c8789

    • SHA256

      def089cb330e10804e45b5eceb4702974cb9b2011b7160e0ce4c09efba53d6fb

    • SHA512

      8c31d393237779014f67c1c89d597f65c5470a8a98bd4ebeede296d13c722ebfaaefc79e5478475c06e7b50452291d2bab353a9bd97da73361a65adeeab64155

    • SSDEEP

      3072:jSovv6cGn/mfNzy473vg6pO3USAY00D2nxruIFjsXbafErXJKc:jSovyLOfNQCsUSAP/xrFeLafqXJKc

    Score
    10/10
    redlineinstallinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks