Overview

overview

10

Static

static

10

0x00070000...62.exe

windows7-x64

10

0x00070000...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x0007000000013a0c-1062.dat

  • Size

    175KB

  • Sample

    230328-j6zz9abe81

  • MD5

    ff660499a5256c0b5d4f070e4a179150

  • SHA1

    d3df324fb84aa04dbf66eab67d274f63f7516621

  • SHA256

    f06753e7a5e5f16486cd8418a349b1750faa184e5a2d4b55472a238f135c5370

  • SHA512

    8127fb9dd37ef972d03cbeab458a9712908b2fadd7f293cfe65a4db6f90f40dd1170c0e4a9dd9e7f58a76c671b68af52f25eaa39fb60b6daebbae26ab737938f

  • SSDEEP

    3072:jxqZWRZaPkOQ3TjmTseesFqh+XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwh:1qZoTjalqh

Score
10/10
redlinerentadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

renta

C2

176.113.115.145:4125

Attributes
  • auth_value

    359596fd5b36e9925ade4d9a1846bafb

Targets

    • Target

      0x0007000000013a0c-1062.dat

    • Size

      175KB

    • MD5

      ff660499a5256c0b5d4f070e4a179150

    • SHA1

      d3df324fb84aa04dbf66eab67d274f63f7516621

    • SHA256

      f06753e7a5e5f16486cd8418a349b1750faa184e5a2d4b55472a238f135c5370

    • SHA512

      8127fb9dd37ef972d03cbeab458a9712908b2fadd7f293cfe65a4db6f90f40dd1170c0e4a9dd9e7f58a76c671b68af52f25eaa39fb60b6daebbae26ab737938f

    • SSDEEP

      3072:jxqZWRZaPkOQ3TjmTseesFqh+XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwh:1qZoTjalqh

    Score
    10/10
    redlinerentadiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks