Overview

overview

10

Static

static

1

424aa4b69a...eb.exe

windows7-x64

10

424aa4b69a...eb.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    424aa4b69afdf7a422f551f0cf3eddeb.exe

  • Size

    528KB

  • Sample

    230209-rbjnsaef89

  • MD5

    424aa4b69afdf7a422f551f0cf3eddeb

  • SHA1

    0bb38c9deb06d9c03b76b303872ab6c2613c3f35

  • SHA256

    40c670bb50b4f05b3f9d45b23870927b8035598e6905afc55473925dcbd9a6cb

  • SHA512

    62df234e5fe22e90206868b77d98c8b473ec1ca171fe572139c3c0099ecc2fad980cf21eb9558bb690f8cf7a7ca69dd30e68c7d8249ca0a1bb69af275f0af7fd

  • SSDEEP

    3072:3Y89W5Hon128oj0yjObfQ/lI/GwT2k/+Hvr8XpyZZWBG/Pa2tYpIQPqb:3Y8v128ow+oT2kmHv6CF3aU1

Score
10/10
redline0402chqallengeinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

0402chqallenge

C2

45.15.157.156:10562

Attributes
  • auth_value

    d77060ab8876ae21a4f5083b1325f78d

Targets

    • Target

      424aa4b69afdf7a422f551f0cf3eddeb.exe

    • Size

      528KB

    • MD5

      424aa4b69afdf7a422f551f0cf3eddeb

    • SHA1

      0bb38c9deb06d9c03b76b303872ab6c2613c3f35

    • SHA256

      40c670bb50b4f05b3f9d45b23870927b8035598e6905afc55473925dcbd9a6cb

    • SHA512

      62df234e5fe22e90206868b77d98c8b473ec1ca171fe572139c3c0099ecc2fad980cf21eb9558bb690f8cf7a7ca69dd30e68c7d8249ca0a1bb69af275f0af7fd

    • SSDEEP

      3072:3Y89W5Hon128oj0yjObfQ/lI/GwT2k/+Hvr8XpyZZWBG/Pa2tYpIQPqb:3Y8v128ow+oT2kmHv6CF3aU1

    Score
    10/10
    redline0402chqallengeinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks