General

  • Target

    40b8a2703596e229aee33662ff2bb0f64acddd6e9273c06fb95b28159c75edd0

  • Size

    329KB

  • Sample

    230104-yxafkahe83

  • MD5

    b2bd4cfb6ff4e8ace9e47234fcd7e3a8

  • SHA1

    e2ff90aa7e466c606a4086bb6750387fc3f9a1d2

  • SHA256

    b52cc028ff91e8d87d63c5b9a4e8c2fea167aa286534d2dec6a2a2acdeadc535

  • SHA512

    72fb04a6a39ce7a39b15adaf93a4ef02af3d2d4bbb005c768aa0ca4a4a9dc5fe954aa0ab56b9c8b03b192db2669c09a7cab8a76b3fba11ad78e183567389ba20

  • SSDEEP

    6144:rNPhdoAerMA4yVZvkM3i+Qpt/1VpciytHhx26pHyMd:rl8b4y/3i+QRcfhVHd

Malware Config

Extracted

  • Family

    redline

  • Botnet

    sport

  • C2

    31.41.244.98:4063

  • Attributes

    auth_value: 82cce55eeb56b322651e98032c09d225

Targets

    • Target

      40b8a2703596e229aee33662ff2bb0f64acddd6e9273c06fb95b28159c75edd0

    • Size

      466KB

    • MD5

      d369f50384ef0c7d3b5e310a39e1e649

    • SHA1

      84863544a34985e6439d69efcdd5da6b9e556e13

    • SHA256

      40b8a2703596e229aee33662ff2bb0f64acddd6e9273c06fb95b28159c75edd0

    • SHA512

      3ebf7d7dfd403a329bd13787573248da2babe317a637eb794877ba3c6aa8f36c7ea90240d2f09c32ccf233ea795f2bdedd1a8a7b8b6259694f798b6d4be4a02b

    • SSDEEP

      6144:YV1LqFtsZXHXXedA42VZ/k23i+Q2B4aJoxupmLKdXjT:Y/u/sZ3Xb4ur3i+Qy/JoxupmLK

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 ID      Matches
  Credential Access   Credentials in Files      T1081   2
  Discovery           Query Registry            T1012   1
  Collection          Data from Local System    T1005   2

Tasks