General

  • Target

    bc4c31144cf221bde95958dbd2d58ce36a446394de7ff0ec0a7a93c44ec76c2e.zip

  • Size

    51KB

  • Sample

    230328-mwcnracc2t

  • MD5

    8704d64857822edaeb47b6d497a59ba7

  • SHA1

    14576511adddf964ef62a8022991c327aa65810a

  • SHA256

    474f18446ef4c6ca90ed51bc7d9b68433feda378bc387e941c4b01c3934129dd

  • SHA512

    6fbabb82a23c5c0d040e4a65a30ecdcf0a2a64be61fd8021a535fd4689ea85a84543439a90b4a7f455c21684328cf3e182e58aac3527283ff229b6b28a362bb8

  • SSDEEP

    1536:WSLZmNPwTzSuZTrDjOdp3mD2aKtKLodYKjB:WSLEsWuBjOdp3V9t+wTjB

Malware Config

  • Extracted

    Family: redline

  • Botnet

    飞机

  • C2

    45.195.52.34:26175

  • Attributes

    auth_value: a481f80a40db6a8b76b305325a28cb10

Targets

    • Target

      bc4c31144cf221bde95958dbd2d58ce36a446394de7ff0ec0a7a93c44ec76c2e

    • Size

      175KB

    • MD5

      5ea64633da931c5d8a732e441d64d0ca

    • SHA1

      21c7ec54c1be8f946bdc83c4010cd8d0bd0db48d

    • SHA256

      bc4c31144cf221bde95958dbd2d58ce36a446394de7ff0ec0a7a93c44ec76c2e

    • SHA512

      149b16d093c716ecd8b737748d8a82a6332c7335b0963256faf49ccdbe7e9a3f961c9391ce9311da10685dfe888b9c5e08584e11f622ac5f9329e24465a6ef5c

    • SSDEEP

      3072:BxqZWJBaKULo3tVCwsde/fFUhG/xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuz:zqZItVC3OUh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6