Overview

overview

10

Static

static

10

263d1a091e...d6.exe

windows7-x64

10

263d1a091e...d6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    263d1a091eafd115e0f9f2e408df14b7ce5e1f06c3ad6.exe

  • Size

    175KB

  • Sample

    230317-skleeaag8w

  • MD5

    0191cb1f788338484c31712a343f0b52

  • SHA1

    f78ef09e96fa492639253bb10d0153f0f27053a9

  • SHA256

    263d1a091eafd115e0f9f2e408df14b7ce5e1f06c3ad66e01819d2f7a9a539cb

  • SHA512

    f894517f6629a01e673ae82e339f9aa364eb4ca0f5f42e0a8fcdad31fdb22a0a3a64d749723c2965a441361f805ba598375cdfef281e2c8a06c4616caed47004

  • SSDEEP

    3072:nxqZWpZaPkOQ3xxW3l0weBFFuh/jxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOi:xqZwxxW1Cuh

Score
10/10
redlineredlinediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Redline

C2

85.31.54.181:43728

Attributes
  • auth_value

    1666a0a46296c430de7ba5e70bd0c0f3

Targets

    • Target

      263d1a091eafd115e0f9f2e408df14b7ce5e1f06c3ad6.exe

    • Size

      175KB

    • MD5

      0191cb1f788338484c31712a343f0b52

    • SHA1

      f78ef09e96fa492639253bb10d0153f0f27053a9

    • SHA256

      263d1a091eafd115e0f9f2e408df14b7ce5e1f06c3ad66e01819d2f7a9a539cb

    • SHA512

      f894517f6629a01e673ae82e339f9aa364eb4ca0f5f42e0a8fcdad31fdb22a0a3a64d749723c2965a441361f805ba598375cdfef281e2c8a06c4616caed47004

    • SSDEEP

      3072:nxqZWpZaPkOQ3xxW3l0weBFFuh/jxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOi:xqZwxxW1Cuh

    Score
    10/10
    redlineredlinediscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks