Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    646KB

  • Sample

    221215-sdbavscf38

  • MD5

    3cf82d90a4c48001a3e6eaf0b73b2139

  • SHA1

    ee63807ccb442518b3b873827b535a881a2b441c

  • SHA256

    100249876be21bbb02dfdaf7716b7cfe94d5726beba402c7ead0090ae52a476c

  • SHA512

    6926c6de111c265db266a1fab6f7e04aa48769e772b644bbd4cf4298e9d61836f133b0cf03655d38263989e92df6eecb43fcfe0e5c06177dc81e0a4b3c648513

  • SSDEEP

    12288:Fa+6L8dCmx+5dcAG9TxMZ68v4D0nqlIms3+:FvVCmW9G9OZ68v47u3+

Score
10/10
redlineqqinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

qq

C2

79.137.192.41:22002

Attributes
  • auth_value

    e8ac1be31d35702b6f71bee03fac7e82

Targets

    • Target

      file.exe

    • Size

      646KB

    • MD5

      3cf82d90a4c48001a3e6eaf0b73b2139

    • SHA1

      ee63807ccb442518b3b873827b535a881a2b441c

    • SHA256

      100249876be21bbb02dfdaf7716b7cfe94d5726beba402c7ead0090ae52a476c

    • SHA512

      6926c6de111c265db266a1fab6f7e04aa48769e772b644bbd4cf4298e9d61836f133b0cf03655d38263989e92df6eecb43fcfe0e5c06177dc81e0a4b3c648513

    • SSDEEP

      12288:Fa+6L8dCmx+5dcAG9TxMZ68v4D0nqlIms3+:FvVCmW9G9OZ68v47u3+

    Score
    10/10
    redlineqqinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks