Overview

overview

10

Static

static

b613c33ea1...bb.exe

windows7-x64

10

b613c33ea1...bb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b613c33ea1ca7d21c3114f5013964dbb.exe

  • Size

    2.2MB

  • Sample

    230125-m7d1ysfg82

  • MD5

    b613c33ea1ca7d21c3114f5013964dbb

  • SHA1

    c54011895b450afdd90216f845afb28fd86dbb7a

  • SHA256

    dcf4a9e709b5f1dd912e2455dfeb7267548c5f0597b92d2fd67b8d7cba097377

  • SHA512

    b35364305b98ddb89f6f78ef438369409a853944bf0bdb8594a58d03fc7336b2e68e77e2cdd4d14d8fba94810fb2653b230987d8aff7d84ebd7fba8aabb631fa

  • SSDEEP

    24576:KTXEPcN5JzQAMsJKStXO7sLeNVrMrtxZC1c6sDkFWE+QQdOvV/J0lDAdsBlwOxXD:gVVO7keNWuahOORJ/

Score
10/10
redlineevasioninfostealerspywaretrojan

Malware Config

Extracted

Family

redline

C2

95.217.146.176:4283

Attributes
  • auth_value

    a909e2aaecf96137978fea4f86400b9b

Targets

    • Target

      b613c33ea1ca7d21c3114f5013964dbb.exe

    • Size

      2.2MB

    • MD5

      b613c33ea1ca7d21c3114f5013964dbb

    • SHA1

      c54011895b450afdd90216f845afb28fd86dbb7a

    • SHA256

      dcf4a9e709b5f1dd912e2455dfeb7267548c5f0597b92d2fd67b8d7cba097377

    • SHA512

      b35364305b98ddb89f6f78ef438369409a853944bf0bdb8594a58d03fc7336b2e68e77e2cdd4d14d8fba94810fb2653b230987d8aff7d84ebd7fba8aabb631fa

    • SSDEEP

      24576:KTXEPcN5JzQAMsJKStXO7sLeNVrMrtxZC1c6sDkFWE+QQdOvV/J0lDAdsBlwOxXD:gVVO7keNWuahOORJ/

    Score
    10/10
    redlineevasioninfostealerspywaretrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks