Overview

overview

10

Static

static

10

a741976c03...6b.exe

windows7-x64

10

a741976c03...6b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a741976c0377522b387e9f4a142a581a039144e7ff120585e5ee086b627de56b.zip

  • Size

    51KB

  • Sample

    230328-nwdfqaag44

  • MD5

    e7b9f00c390100758f7dd2c9b3005f70

  • SHA1

    2cfe568ded43090199e3686fba3bbdd53da01d92

  • SHA256

    3b308722509ac5fa822dd014c77132f56c7e1ab51db0c814d448b6edceb29507

  • SHA512

    e063fe6e450be7407ce43f74ce4e7700376d1dd41bb1d73544a5a5c1a75f66ea08976dd06589ded3783c46f951347d13c42eb2d525efc494ad4bff8f4ece61b3

  • SSDEEP

    1536:EiR0n/U02lgMWC+Z0L/Jw+hxP2dlGAQV3bxzB20Bw:LW/U0cWCZtwgxOdUTb9B25

Score
10/10
redlinebrazadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

braza

C2

193.233.20.32:4125

Attributes
  • auth_value

    ebe61b54deeef75cf8466416c0857088

Targets

    • Target

      a741976c0377522b387e9f4a142a581a039144e7ff120585e5ee086b627de56b

    • Size

      175KB

    • MD5

      b071806e9ed6fc97a8b51516ee5e6d5d

    • SHA1

      27b2865afa4c1946f95ff6cd79ba5df0e762acda

    • SHA256

      a741976c0377522b387e9f4a142a581a039144e7ff120585e5ee086b627de56b

    • SHA512

      18690be6641595b3cfd543cff664a49e92d146386c2a170c7038860f1503f6a9b2b5626e6768aef2bb5e7c859a04b2973c2510f9d7af36d059b69269034704c4

    • SSDEEP

      3072:ZxqZWjfa8oty3s5vZllel5Fih1vxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOus:LqZC0hMih

    Score
    10/10
    redlinebrazadiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks