General

  • Target

    cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3.zip

  • Size

    51KB

  • Sample

    230328-m3mgjacc4y

  • MD5

    c30e32dd465b59f5e95c3d252bd0345c

  • SHA1

    5590876c65742aeb6b57e33fdac65b9ea93b56c4

  • SHA256

    db55efdc926d710427c6e2118a20ce213e27f21604acbf336df276730b27df23

  • SHA512

    37b821667ef5b260b8a62099845d4e476c86e93a10e914656e84168900fae8b094a260c2abf3a9c1d8eca36bf71fc83064c49467348c6c0de4a285a3b17bd5ab

  • SSDEEP

    1536:NNtocHpP9nJmKx9tD/QtCBFJGKIeyok1eIjlU:ftT37DQUvwhe/gxU

Malware Config

Extracted

Family

redline

Botnet

reiv

C2

193.233.20.33:4125

Attributes
  • auth_value

    5e0113277ad2cf97a9b7e175007f1c55
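The extracted config above is the part of this report a defender acts on: one C2 endpoint, a botnet tag and the build's auth_value. The Python below is an added example, not the sandbox's own tooling. It parses the Family/Botnet/C2/auth_value block exactly as printed, emits a Suricata rule per C2 endpoint, sweeps firewall log lines for hosts that reached the C2 (flagging same-server, different-port connections separately, since operators move the listener port between builds), and matches observed file hashes against the two SHA256 values in this report. The firewall log layout, the log lines themselves and the file paths are constructed assumptions; adapt `CONN_RE` to your own firewall or Zeek conn.log format.

```python
"""Turn the RedLine config from the report into detections and sweep telemetry.

Added example, not the sandbox's own tooling.  REPORT_CONFIG and SAMPLE_SHA256
are copied from the report; FIREWALL_LOG and OBSERVED_HASHES are constructed
so the script runs offline.
"""
import ipaddress
import re
from dataclasses import dataclass

# Verbatim "Malware Config" block from the report.
REPORT_CONFIG = """\
Family
redline
Botnet
reiv
C2
193.233.20.33:4125
Attributes
  • auth_value
    5e0113277ad2cf97a9b7e175007f1c55
"""

# SHA256 of the submitted archive and of the extracted payload, from the report.
SAMPLE_SHA256 = {
    "db55efdc926d710427c6e2118a20ce213e27f21604acbf336df276730b27df23",
    "cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3",
}


@dataclass(frozen=True)
class RedlineConfig:
    family: str
    botnet: str
    c2: tuple[tuple[str, int], ...]
    auth_value: str


def parse_config(text: str) -> RedlineConfig:
    """Read the Family/Botnet/C2/auth_value fields from the report layout."""
    # Drop blank lines, indentation and the bullet glyph so labels compare cleanly.
    lines = [ln.strip(" \t•") for ln in text.splitlines() if ln.strip(" \t•")]

    def value_after(label: str) -> str:
        return lines[lines.index(label) + 1]

    c2 = []
    i = lines.index("C2") + 1
    while i < len(lines) and re.fullmatch(r"[\d.]+:\d+", lines[i]):
        host, port = lines[i].rsplit(":", 1)
        ipaddress.ip_address(host)  # raises ValueError on a malformed address
        c2.append((host, int(port)))
        i += 1
    if not c2:
        raise ValueError("no C2 endpoint in config")
    return RedlineConfig(value_after("Family"), value_after("Botnet"),
                         tuple(c2), value_after("auth_value"))


def suricata_rules(cfg: RedlineConfig, base_sid: int = 9000001) -> list[str]:
    """One alert per C2 endpoint.  RedLine talks to its panel over a raw TCP
    channel rather than HTTP, so the rule keys on ip/port, not an HTTP header."""
    return [
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"{cfg.family} C2 botnet={cfg.botnet}"; flow:to_server,established; '
        f'classtype:trojan-activity; sid:{base_sid + n}; rev:1;)'
        for n, (host, port) in enumerate(cfg.c2)
    ]


# Assumed firewall line layout: "<ts> src=<ip>:<port> dst=<ip>:<port> ...".
CONN_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)")


def sweep_connections(cfg: RedlineConfig, log_lines: list[str]) -> dict[str, list[str]]:
    """Source hosts that reached the C2.  'exact' matched ip:port; 'host_only'
    matched the server on another port, which still deserves a look."""
    hosts = {h for h, _ in cfg.c2}
    exact, host_only = set(), set()
    for line in log_lines:
        m = CONN_RE.match(line)
        if not m:  # lines that do not fit the layout are skipped, not fatal
            continue
        if (m["dst"], int(m["dport"])) in cfg.c2:
            exact.add(m["src"])
        elif m["dst"] in hosts:
            host_only.add(m["src"])
    return {"exact": sorted(exact), "host_only": sorted(host_only)}


def match_hashes(observed: dict[str, str]) -> list[str]:
    """Paths whose SHA256 hex digest (any case) is one of the report's samples."""
    return sorted(p for p, h in observed.items() if h.lower() in SAMPLE_SHA256)


# Constructed telemetry, not from the report.
FIREWALL_LOG = [
    "2023-03-28T11:02:15Z src=10.0.4.17:51922 dst=193.233.20.33:4125 proto=tcp bytes=8421",
    "2023-03-28T11:02:16Z src=10.0.4.17:51923 dst=142.250.74.46:443 proto=tcp bytes=1200",
    "2023-03-28T11:05:40Z src=10.0.9.3:49811 dst=193.233.20.33:8080 proto=tcp bytes=310",
    "malformed line that the parser must skip",
]
OBSERVED_HASHES = {  # hypothetical paths; the first hash is the report's .zip
    r"C:\Users\u\Downloads\invoice.zip": "DB55EFDC926D710427C6E2118A20CE213E27F21604ACBF336DF276730B27DF23",
    r"C:\Windows\System32\notepad.exe": "0" * 64,
}

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print("\n".join(suricata_rules(cfg)))
    print(sweep_connections(cfg, FIREWALL_LOG))
    print(match_hashes(OBSERVED_HASHES))
```

Because the C2 is a bare IP:port with no HTTP layer, look for it in firewall, netflow or Zeek conn.log data rather than in web proxy logs, which will not see this traffic at all.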

Targets

    • Target

      cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3

    • Size

      175KB

    • MD5

      6fe9a1c0e84784f160d1b2c9b66ed7e9

    • SHA1

      0b15c141c2114d857622e690bda62f7a41d638aa

    • SHA256

      cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3

    • SHA512

      d33ff882894ce1ffe7c7593958e6692e62d4729785c82a44374b27b22241a2f281faa50d5a3859b964619fde0b31ea49f1a0070818b68762723623790325763d

    • SSDEEP

      3072:6xqZWjfa8oty3BfeT59lhavxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+ca2:oqZCBalh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers commonly read the browser's on-disk profile data (saved logins, cookies, autofill and session tokens) to harvest credentials that can be replayed against the victim's accounts.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the per-application entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart), which stealers use to fingerprint the host and locate targets such as wallets and browsers.

MITRE ATT&CK Enterprise v6

Tasks