Overview

overview

10

Static

static

r.exe

windows7-x64

8

r.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    glu.zip

  • Size

    2.1MB

  • Sample

    230130-ycp1hsdh6t

  • MD5

    208e0e5404b377ff4a61e424c74892a3

  • SHA1

    1cbb639d4a4058ca24dc0be5335cd6fb7fbb48b5

  • SHA256

    d85391521bd9c46bc3a0ecae974f9f985cc0f5bdecf62103409a8d55fbd4ebd8

  • SHA512

    a91b50cb2230fc766dff1076b414e1e82cb093828fe97cdf017bb9e44d2c594c99d97eba012bbc07c468600599eb7c63dfebf4d1f43341c7fbe8feeafc7f8517

  • SSDEEP

    49152:YAsezdpBwKmuXFEfP/BudXopbF0t5FKH4ac3YD+:YQxpBHDXo/U+z8+YYD+

Score
10/10
redline767infostealerspywareupx

Malware Config

Extracted

Family

redline

Botnet

767

C2

88.218.171.110:39314

Attributes
  • auth_value

    15af7981abaac4894e19d6f7633cdd20

Targets

    • Target

      r.exe

    • Size

      726.0MB

    • MD5

      925d0a37d33fdbac9033db87536eb11e

    • SHA1

      e76d4838dd6db6bdf50664652f3cca9bfed6e7a8

    • SHA256

      5177282965eb65aa04252de17b99d0533d82cdddead523238e893dd0d5d1dd54

    • SHA512

      2c2c2c07e0746a5d8c691bd67f28a0077457127ebfb2a43857ab04c445af909d765dbc9eb8f218d7bc9b301ce60243d70352e8a639c86e9d2bf23bd7452de5a8

    • SSDEEP

      49152:J2Ed3BvKmu/5f5tZnmTzXGVpTNkt5jgRqaq8STli:J2G3BSD//tpcCVDsCyTA

    Score
    10/10
    upxredline767infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks