Overview

overview

10

Static

static

10

ba1dd82b94...7a.exe

windows7-x64

10

ba1dd82b94...7a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ba1dd82b94a37e0b03169898322c3db6a2b098dfa19429d81f4bda4f953d847a.zip

  • Size

    51KB

  • Sample

    230328-lptg9abh9s

  • MD5

    4daf018c39b3dd18a4af856027cfd730

  • SHA1

    b95c8af61e05b5b9c8e270cd6df61a53789d1018

  • SHA256

    21119edc55fa4f24bef56804401dd24e480b6c634e7fa5f0f157316098a5439c

  • SHA512

    cb8dab63eb2a9b615dac4d0569084ef2ba07ed9275edde76c0acb702f4f1f8f29e0ecaa39d2be39d20816852d084d357571a189301bbcca5a4a705bdfef60d0b

  • SSDEEP

    1536:IfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBo:k+MHQFHvtKLvhuBo

Score
10/10
redlinefromdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      ba1dd82b94a37e0b03169898322c3db6a2b098dfa19429d81f4bda4f953d847a

    • Size

      175KB

    • MD5

      f18535e8b789069ba38b6b2adfd046db

    • SHA1

      ba36b25ee622854342a26fa2140a2f870f325f23

    • SHA256

      ba1dd82b94a37e0b03169898322c3db6a2b098dfa19429d81f4bda4f953d847a

    • SHA512

      5bb5d84e8d77413f3c9f375590bd8627a78a4ce8a34794b51b6b882cdfa6fc2cb615bbe9acbbc998c52f001bb6330e41c343e45ce6d496b3c2e94e877598faee

    • SSDEEP

      3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

    Score
    10/10
    redlinefromdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks