Overview

overview

10

Static

static

1

ab8eb8019b...in.exe

windows7-x64

10

ab8eb8019b...in.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab8eb8019befbe7fff1a723818a379e3.bin.exe

  • Size

    292KB

  • Sample

    230326-vwyvzsbc7v

  • MD5

    ab8eb8019befbe7fff1a723818a379e3

  • SHA1

    c7ea69ff4490f2c7aa745f0e9b2444b57dbed863

  • SHA256

    20fb6ad957974a5e836e3cd93bb8426f43049dcd223077fbd969bd1bc33434d4

  • SHA512

    7efe68e3a0ef0b5b11d48bd3540bb11cdc272f99e7b1110c8bb8b2b1c5b5fabd0f5625329628db57ba27aa1fdfa13a85982b41a46d029f42f90e745138055889

  • SSDEEP

    6144:gYCN1NUy4+qHvLwADFcF3NYy/AjCGQ/K:zCN1NUy8H9I36yojzQ

Score
10/10
redlineinfostealerspyware

Malware Config

Extracted

Family

redline

C2

94.142.138.207:41751

Attributes
  • auth_value

    b34e180fee9738bade6c400ac45eed85

Targets

    • Target

      ab8eb8019befbe7fff1a723818a379e3.bin.exe

    • Size

      292KB

    • MD5

      ab8eb8019befbe7fff1a723818a379e3

    • SHA1

      c7ea69ff4490f2c7aa745f0e9b2444b57dbed863

    • SHA256

      20fb6ad957974a5e836e3cd93bb8426f43049dcd223077fbd969bd1bc33434d4

    • SHA512

      7efe68e3a0ef0b5b11d48bd3540bb11cdc272f99e7b1110c8bb8b2b1c5b5fabd0f5625329628db57ba27aa1fdfa13a85982b41a46d029f42f90e745138055889

    • SSDEEP

      6144:gYCN1NUy4+qHvLwADFcF3NYy/AjCGQ/K:zCN1NUy8H9I36yojzQ

    Score
    10/10
    redlineinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks