Overview

overview

10

Static

static

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Resubmissions

04/02/2023, 03:59

230204-ekfl9sce47 1

04/02/2023, 03:56

230204-ehbkjace42 10

04/02/2023, 03:55

230204-egynnsce38 1

04/02/2023, 03:52

230204-ee5zzace34 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.exe

  • Size

    258KB

  • Sample

    230204-ee5zzace34

  • MD5

    e71ae071607ae2fa2bc69038fa83f738

  • SHA1

    b2214602297e322958f4986159d201fb135295e7

  • SHA256

    962fa040e7c60298b1523fd4067387b4bd7e1608e91d4b46c52b5086fb4e96a1

  • SHA512

    3149312c28817d84c535bdf8d6b5bd3380eaa52e609392df9313c995976ec4c6b27022835fc75ebee1b330505c5abb39cffdc5aa75c82755e138a4664c92d649

  • SSDEEP

    6144:aX7Ih0Z1f/KsPrn35gwqdR/a7an16pn/ipH49zrUC0FVDtAGj5aGuDGBGmGZoGTd:aLI4RKcjpaRqanTR49zo7zLc+6hzO9Tt

Score
10/10
redlineinfostealerpersistencespyware

Malware Config

Extracted

Family

redline

C2

185.215.113.69:15544

Attributes
  • auth_value

    83219c09b09533f8a35163337151c1f4

Targets

    • Target

      Setup.exe

    • Size

      258KB

    • MD5

      e71ae071607ae2fa2bc69038fa83f738

    • SHA1

      b2214602297e322958f4986159d201fb135295e7

    • SHA256

      962fa040e7c60298b1523fd4067387b4bd7e1608e91d4b46c52b5086fb4e96a1

    • SHA512

      3149312c28817d84c535bdf8d6b5bd3380eaa52e609392df9313c995976ec4c6b27022835fc75ebee1b330505c5abb39cffdc5aa75c82755e138a4664c92d649

    • SSDEEP

      6144:aX7Ih0Z1f/KsPrn35gwqdR/a7an16pn/ipH49zrUC0FVDtAGj5aGuDGBGmGZoGTd:aLI4RKcjpaRqanTR49zo7zLc+6hzO9Tt

    Score
    10/10
    redlineinfostealerspywarepersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks