Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    295KB

  • Sample

    230327-1yccnahe2w

  • MD5

    66cc39066025dca6a6e5e6d50cb8a7a3

  • SHA1

    488423737bc8e626a4b8f460c9f52f1f7b1f91b2

  • SHA256

    54ec09c94cad8063383f7ada6d865a66ba1003307e16f4da6bb5417225461dfd

  • SHA512

    eaf7839d6b3f02c90562bf99c5607912ed0f09b076f6404a9fa96b0f6eb9360219fb60ee0d695788fa9499fa3b120a5b64d56233d1522b0e541eb47c22ab8583

  • SSDEEP

    3072:4U1eLwDEgPVolVANyXtQ15lnJhP7Rt9rW+RVWS6L8RKVS/PwfUL6L5RR26l11UqO:649o7tQflLP7RtJWkVWS6sdPzj

Score
10/10
redlinepushka7infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

pushka7

C2

176.123.9.142:14845

Attributes
  • auth_value

    630452b2bed54a95b6c67c741b1c401a

Targets

    • Target

      file.exe

    • Size

      295KB

    • MD5

      66cc39066025dca6a6e5e6d50cb8a7a3

    • SHA1

      488423737bc8e626a4b8f460c9f52f1f7b1f91b2

    • SHA256

      54ec09c94cad8063383f7ada6d865a66ba1003307e16f4da6bb5417225461dfd

    • SHA512

      eaf7839d6b3f02c90562bf99c5607912ed0f09b076f6404a9fa96b0f6eb9360219fb60ee0d695788fa9499fa3b120a5b64d56233d1522b0e541eb47c22ab8583

    • SSDEEP

      3072:4U1eLwDEgPVolVANyXtQ15lnJhP7Rt9rW+RVWS6L8RKVS/PwfUL6L5RR26l11UqO:649o7tQflLP7RtJWkVWS6sdPzj

    Score
    10/10
    redlinepushka7infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks