General

  • Target

    a22b5011e7e19aa0ae7d943d68b7dd218a5ad0645c8d698c5c8faaf599e4a2c1.zip

  • Size

    51KB

  • Sample

    230328-nn2hkscd4s

  • MD5

    d3e2a9be0e7572e9b3109a83b80af298

  • SHA1

    a2db4a332ef66c3d3e826acdb48fb4050354a24c

  • SHA256

    2820bacc2708214560f5a387d22cc5637a7c9cea052eccc44f61a75dda04c52e

  • SHA512

    7a4cde4e7123646fe4c3108c4b4c11bd58e50c037fd75e211fa16a46ddffdec374a5d56f28d788c31c5aae377f68fb620d22ae6e341028912558fdf220b43fc8

  • SSDEEP

    768:ctG/l++VpIvJGxNH+Uh4/GJWmgUNx7he1s8CN6xorL20A6pf1EdtWTdjDNo:cM/o+yUU/ez7sNxCyLkeAxDNo

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dent

  • C2

    193.233.20.33:4125

  • Attributes

    • auth_value

      e795368557f02e28e8aef6bcb279a3b0

Targets

    • Target

      a22b5011e7e19aa0ae7d943d68b7dd218a5ad0645c8d698c5c8faaf599e4a2c1

    • Size

      175KB

    • MD5

      1a8274baafeb91b34d9934cdeaddab7d

    • SHA1

      de2e4bd75afe0fc6080cce86844d3a9edc5ca0bf

    • SHA256

      a22b5011e7e19aa0ae7d943d68b7dd218a5ad0645c8d698c5c8faaf599e4a2c1

    • SHA512

      acfd387f9138a78a685f2f5ae75476d471ebe3fb8ba662cc67ad158058925153c0b2d0e3794508e2489271de88f2ba00c88330837ccefaf0852ac2b9c6c60c7d

    • SSDEEP

      3072:s9xqZWBJaHEDgXp5lCe159Eh4bxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwY:sHqZV7ljEh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2
