General

  • Target

    file.exe

  • Size

    499KB

  • Sample

    230104-sx2xxsgf33

  • MD5

    88bdede04b54e1e36a84c1813399e5fd

  • SHA1

    a98311609956ffe25e737627a293e68e53f42cc7

  • SHA256

    1456e683938bddec35c2e6ad6ee0481e202a83b2ec67a14dacaf53954c2ac127

  • SHA512

    20bac2b355953fbcc43da8643e6dc4a502af989c42f43e80a1da56cd998fea09092c1b16fbf3c111eef6148d0135980aa619cbcef047d04735e5adf71fee8dd1

  • SSDEEP

    12288:O6c2jmCoj/NAlKiKrCDt1QBJ7FCoxupmL+:Oje0jlAsinD0BJMoUYL+

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @new@2023

  • C2

    77.73.133.62:22344

  • Attributes

    auth_value: 8284279aedaed026a9b7cb9c1c0be4e4
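The extracted configuration and the file hashes above are only useful once they are checked against your own data. The following is an added example, not part of the sandbox report, that turns the C2 endpoint, botnet id and auth_value into a small IOC matcher for Zeek conn.log-style records and a hash check for suspect files. The log rows are constructed for illustration (the column subset and timestamps are assumptions); the IOC values are copied from the report.

```python
"""Added example: IOC checks built from the RedLine config and hashes in the report.
The conn.log rows below are constructed; only the IOC values come from the report."""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Extracted configuration, as listed in the report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "@new@2023",
    "c2": ["77.73.133.62:22344"],
    "auth_value": "8284279aedaed026a9b7cb9c1c0be4e4",
}

# Digests of the analysed sample, as listed in the report.
KNOWN_HASHES = {
    "md5": "88bdede04b54e1e36a84c1813399e5fd",
    "sha1": "a98311609956ffe25e737627a293e68e53f42cc7",
    "sha256": "1456e683938bddec35c2e6ad6ee0481e202a83b2ec67a14dacaf53954c2ac127",
}


def parse_c2(entry: str) -> Tuple[str, int]:
    """Split a 'host:port' C2 string into (host, port); RedLine configs carry the port explicitly."""
    host, _, port = entry.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    return host, int(port)


def match_conn_log(lines: Iterable[str], c2_entries: Iterable[str]) -> List[Dict[str, str]]:
    """Return rows whose responder host:port equals one of the C2 endpoints.

    Assumed tab-separated column order (a subset of Zeek's conn.log):
    ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto. Comment rows ('#...') are skipped.
    Matching on the exact host:port pair keeps unrelated traffic to a shared host out of the hits.
    """
    wanted = {parse_c2(e) for e in c2_entries}
    hits: List[Dict[str, str]] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto = fields[:6]
        if (resp_h, int(resp_p)) in wanted:
            hits.append({"ts": ts, "src": orig_h, "dst": f"{resp_h}:{resp_p}", "proto": proto})
    return hits


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the digests the report lists (MD5, SHA1, SHA256) for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[algo] == KNOWN_HASHES[algo] for algo in KNOWN_HASHES)


# Constructed conn.log excerpt: one beacon to the C2, one unrelated TLS flow,
# and one flow to the C2 host on a different port (not matched on purpose).
SAMPLE_CONN_LOG = [
    "#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1672934400.123\t10.0.0.15\t51234\t77.73.133.62\t22344\ttcp",
    "1672934401.456\t10.0.0.15\t51235\t142.250.74.46\t443\ttcp",
    "1672934402.789\t10.0.0.22\t51236\t77.73.133.62\t80\ttcp",
]


if __name__ == "__main__":
    for hit in match_conn_log(SAMPLE_CONN_LOG, REDLINE_CONFIG["c2"]):
        print(f"[{REDLINE_CONFIG['family']} {REDLINE_CONFIG['botnet']}] C2 contact: {hit}")
    print("constructed bytes match known sample:", is_known_sample(b"not the real file.exe"))
```

`match_conn_log` pivots on the exact host:port pair from the config; if you want to catch the operator reusing the same address on another port, loosen the comparison to the host alone and accept the extra noise. The hash check is exact-match only, so a repacked build of the same stealer will not hit it; the SSDEEP value in the report is what you would compare for fuzzy similarity.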

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (for example HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.