Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    262KB

  • Sample

    221213-jvej6sec53

  • MD5

    a9dd9348a0830403e7d04b3a7f63e26f

  • SHA1

    c3acbfb7d9dbaa89315aa1460600852391a7d464

  • SHA256

    ea99537fe2281713f9b20202805333fc42e6add48d82626b60fa09f2c47e7117

  • SHA512

    65a2e3ff57d4e2000e9e619b9809de5ac28eac2ccc0d46da14ea1f01983f27946ef54aac15d468820a09e2f97aeb2b53f260a2f63b7549d1cc65e2b5df5eddd0

  • SSDEEP

    3072:DrcM/3COf9blMD0ygppHRKFGlpWORX+yooRybZY7fDGNmls42ajw8xCx0PZjc:DQaNf9dpID9xCjEFWPZjc

Score
10/10
redlineinstallinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

Install

C2

142.93.198.232:81

Attributes
  • auth_value

    f9affed97251c08e7a096257ba9edfb2

Targets

    • Target

      file.exe

    • Size

      262KB

    • MD5

      a9dd9348a0830403e7d04b3a7f63e26f

    • SHA1

      c3acbfb7d9dbaa89315aa1460600852391a7d464

    • SHA256

      ea99537fe2281713f9b20202805333fc42e6add48d82626b60fa09f2c47e7117

    • SHA512

      65a2e3ff57d4e2000e9e619b9809de5ac28eac2ccc0d46da14ea1f01983f27946ef54aac15d468820a09e2f97aeb2b53f260a2f63b7549d1cc65e2b5df5eddd0

    • SSDEEP

      3072:DrcM/3COf9blMD0ygppHRKFGlpWORX+yooRybZY7fDGNmls42ajw8xCx0PZjc:DQaNf9dpID9xCjEFWPZjc

    Score
    10/10
    redlineinstallinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks