Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    275KB

  • Sample

    230311-s1xglsaa92

  • MD5

    4b4fcb4bf098de394c89c6aa6eb0480e

  • SHA1

    75d41d02227f70002f15e963ec774f6269e7383d

  • SHA256

    f98254fc054ad990b23b14f0f1ec3ed61bbe43db4f44cc0ac8510b886b4c6c62

  • SHA512

    0a3f2f96054f9339c73857569bd3a9fc1f0d1050434f883b437b99508da4b23f45a0e7f712a8d841c3d37525eb393c45e7ae538816dee4a40a18bf315e4517cf

  • SSDEEP

    3072:W3ulWbph6qoA3xKaay6YtbtauzZvBW3oXd9jxfwjKosZUvEz/SV0efZXGkvwg2:W3ulIpQnA3xIOxauVvsYXlfwjXTVkkIB

Score
10/10
redlinetginfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

TG

C2

185.244.182.218:2027

Attributes
  • auth_value

    797af1930057d299397fd39ab31da9cc

Targets

    • Target

      file.exe

    • Size

      275KB

    • MD5

      4b4fcb4bf098de394c89c6aa6eb0480e

    • SHA1

      75d41d02227f70002f15e963ec774f6269e7383d

    • SHA256

      f98254fc054ad990b23b14f0f1ec3ed61bbe43db4f44cc0ac8510b886b4c6c62

    • SHA512

      0a3f2f96054f9339c73857569bd3a9fc1f0d1050434f883b437b99508da4b23f45a0e7f712a8d841c3d37525eb393c45e7ae538816dee4a40a18bf315e4517cf

    • SSDEEP

      3072:W3ulWbph6qoA3xKaay6YtbtauzZvBW3oXd9jxfwjKosZUvEz/SV0efZXGkvwg2:W3ulIpQnA3xIOxauVvsYXlfwjXTVkkIB

    Score
    10/10
    redlinetginfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks