Overview

overview

10

Static

static

1

4be4fa96fc...6b.exe

windows7-x64

10

4be4fa96fc...6b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4be4fa96fca0882f20c11f0e5217486b.exe

  • Size

    251KB

  • Sample

    230223-q5tkeahh3t

  • MD5

    4be4fa96fca0882f20c11f0e5217486b

  • SHA1

    e5f16d07a554a1c2a4482a84b058f73cb9e757c7

  • SHA256

    94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a

  • SHA512

    f7d2f3f37aa840a5402be801239f15855892a48bf9eca998e8c459da83e52fd6e8b68e066d3657936ea1022a0a381e4b9800d7adb75756ece22be4fb3da27635

  • SSDEEP

    6144:GGCY4I6GKyqr9YGzoUQbTmvYcR+C+eEO7wO:GGCY949YGW4R+CBE8

Score
10/10
redlinesupinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

Sup

C2

45.15.156.223:42971

Attributes
  • auth_value

    472a180e669f28c84ebddeebf18234c8

Targets

    • Target

      4be4fa96fca0882f20c11f0e5217486b.exe

    • Size

      251KB

    • MD5

      4be4fa96fca0882f20c11f0e5217486b

    • SHA1

      e5f16d07a554a1c2a4482a84b058f73cb9e757c7

    • SHA256

      94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a

    • SHA512

      f7d2f3f37aa840a5402be801239f15855892a48bf9eca998e8c459da83e52fd6e8b68e066d3657936ea1022a0a381e4b9800d7adb75756ece22be4fb3da27635

    • SSDEEP

      6144:GGCY4I6GKyqr9YGzoUQbTmvYcR+C+eEO7wO:GGCY949YGW4R+CBE8

    Score
    10/10
    redlinesupinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks