General

  • Target: dc4753d7f1d8e4a766e8c86591211f8f691f709589bf0842d0f5a2d06152ac08
  • Size: 329KB
  • Sample: 230104-t6z1csgh46
  • MD5: f8712f4ad269a97ad6b9091440f1f4d9
  • SHA1: e3d211456ba12c8f39ef399365edc776618108d6
  • SHA256: 195400fdb053f588f27d4a4c70c302ec00c15056902cab226a59264eb47c5bcb
  • SHA512: 45fa3cf0006a12568820fcd756fa5372147171ba435edb2842d903e3ea2b88ec497f21dff0a0aebae6e89b2ba0d7f3d39ae8a2a6584b5807a2563493e116d871
  • SSDEEP: 6144:5Ns9DHNm9lF2H1Q1uGZFwAdg7qwt1DFcx9gmYqs/hX8xkp1uC3p:5Ns9sB2qxvbsygX8xkp1uC3p

Malware Config

Extracted

  • Family: redline
  • Botnet: sport
  • C2: 31.41.244.98:4063
  • Attributes
    • auth_value: 82cce55eeb56b322651e98032c09d225

Targets

    • Target: dc4753d7f1d8e4a766e8c86591211f8f691f709589bf0842d0f5a2d06152ac08
    • Size: 466KB
    • MD5: 4de6e8bf3ffc4d32a51e778561e05a6e
    • SHA1: aa25cc6b33971f964f9ce13970720625d6ec6856
    • SHA256: dc4753d7f1d8e4a766e8c86591211f8f691f709589bf0842d0f5a2d06152ac08
    • SHA512: 17e00b066e82a2be0a46ea4d7995c03a6c15b96b182f2667fc4dbe4bb0f839fc710e2bee306e9fe0daaf5cfa3b1bfc40755bddbf9f0950a87738bdf1de22828e
    • SSDEEP: 6144:clsLB1B3EtoZFwAtg7qwt1DFcx9g6YMSsDwaIoxupmL7wjT:cSzBbvPeyysVIoxupmL7

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (2)
  • Discovery: Query Registry, T1012 (1)
  • Collection: Data from Local System, T1005 (2)
