Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230112-sjfsjagd66

  • MD5

    4ce5a9897f109ff5cedee3d2cee8b231

  • SHA1

    cd11d31a5ffb57a21eb5c4ddfde2c0b8f874da31

  • SHA256

    de232478760fe7e38a80ac8b6fd94b66d3d8983c88e922272f88fd0ceb5669fd

  • SHA512

    0c3c12a3093eaa91030e9777f0c651266056d8306b1b2d1476ae4616c9a3b86c5f46574c2c5859df8e8f5e8822ae5fbdad8a37665ffb7433cd9ae3d46d4ba5ad

  • SSDEEP

    12288:8K3h2hQSfM+5WRL2NZFXwVayFhK5BtoO4S3BsJRam0OzaMR99XJqAnAHNiIwAMJe:0Nes/lZEBNMSOnTYckZFONEIfcig6

Score
10/10
redlinetestssinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

testss

C2

79.137.192.41:45006

Attributes
  • auth_value

    1d72b5d662f45b1b35fdb208f644a5bb

Targets

    • Target

      file.exe

    • Size

      1.5MB

    • MD5

      4ce5a9897f109ff5cedee3d2cee8b231

    • SHA1

      cd11d31a5ffb57a21eb5c4ddfde2c0b8f874da31

    • SHA256

      de232478760fe7e38a80ac8b6fd94b66d3d8983c88e922272f88fd0ceb5669fd

    • SHA512

      0c3c12a3093eaa91030e9777f0c651266056d8306b1b2d1476ae4616c9a3b86c5f46574c2c5859df8e8f5e8822ae5fbdad8a37665ffb7433cd9ae3d46d4ba5ad

    • SSDEEP

      12288:8K3h2hQSfM+5WRL2NZFXwVayFhK5BtoO4S3BsJRam0OzaMR99XJqAnAHNiIwAMJe:0Nes/lZEBNMSOnTYckZFONEIfcig6

    Score
    10/10
    redlinetestssinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks