Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    249KB

  • Sample

    221216-14259saf5t

  • MD5

    b6a18789ab0263f4eab7ab97287ecbee

  • SHA1

    8787cee17a183d20ad0251076168953110ab90be

  • SHA256

    651ee42db18f616fad32be821a25bed84dc6c75bad45284382273d3d07d55597

  • SHA512

    a1c2c4e3658b041c50948aabc2c86b54a190b7cbcf335825b7e6f631cf06118e5a643c1b9cef47e400691c085c102b92aac4b8210bb35b728ccafe5bafe615bb

  • SSDEEP

    1536:x6r3JgI5plLY23JQvnFCohuftzEPKqa4gi6CMhSZFiyBRZkKs3I6C04s1lPkWttv:xK3xtLY2NfWyq+wpRTMaqx

Score
10/10
redlineinstallinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

Install

C2

142.93.198.232:81

Attributes
  • auth_value

    f9affed97251c08e7a096257ba9edfb2

Targets

    • Target

      file.exe

    • Size

      249KB

    • MD5

      b6a18789ab0263f4eab7ab97287ecbee

    • SHA1

      8787cee17a183d20ad0251076168953110ab90be

    • SHA256

      651ee42db18f616fad32be821a25bed84dc6c75bad45284382273d3d07d55597

    • SHA512

      a1c2c4e3658b041c50948aabc2c86b54a190b7cbcf335825b7e6f631cf06118e5a643c1b9cef47e400691c085c102b92aac4b8210bb35b728ccafe5bafe615bb

    • SSDEEP

      1536:x6r3JgI5plLY23JQvnFCohuftzEPKqa4gi6CMhSZFiyBRZkKs3I6C04s1lPkWttv:xK3xtLY2NfWyq+wpRTMaqx

    Score
    10/10
    redlineinstallinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks