Overview

overview

10

Static

static

8bcc8f91ea...e9.exe

windows7-x64

10

8bcc8f91ea...e9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8bcc8f91eac6071e201893b8e24ba3e9.exe

  • Size

    398KB

  • Sample

    221225-kbvbysed8w

  • MD5

    8bcc8f91eac6071e201893b8e24ba3e9

  • SHA1

    9c5fae6c14e3bf42db272ec2847b338eb7b91dfc

  • SHA256

    8e2e0590b0418adf88d487f37a49107538e7e2d243f165845852c3f7ece6a337

  • SHA512

    0afa75b87d0ee9d08a3d91d0c0ec905056f155a5d6fe385d7f4b0d9b9caa656f37373ea924205d0e74fb5a8b2ef7ef6d9f55e66842309bcc04c1254d5628ea04

  • SSDEEP

    12288:Mygxer6dluLigEZoNZ6RF2Rybootouo7CypP7:GuOdZ6ZyF2Ybootouo7VZ7

Score
10/10
redline11infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes
  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • Target

      8bcc8f91eac6071e201893b8e24ba3e9.exe

    • Size

      398KB

    • MD5

      8bcc8f91eac6071e201893b8e24ba3e9

    • SHA1

      9c5fae6c14e3bf42db272ec2847b338eb7b91dfc

    • SHA256

      8e2e0590b0418adf88d487f37a49107538e7e2d243f165845852c3f7ece6a337

    • SHA512

      0afa75b87d0ee9d08a3d91d0c0ec905056f155a5d6fe385d7f4b0d9b9caa656f37373ea924205d0e74fb5a8b2ef7ef6d9f55e66842309bcc04c1254d5628ea04

    • SSDEEP

      12288:Mygxer6dluLigEZoNZ6RF2Rybootouo7CypP7:GuOdZ6ZyF2Ybootouo7VZ7

    Score
    10/10
    redline11infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks