Overview

overview

10

Static

static

10

afb66bb113...66.exe

windows7-x64

10

afb66bb113...66.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    afb66bb113d87944fe118fc9be31517c485ef9e27b2ecf08e56ea8d86db69166.zip

  • Size

    51KB

  • Sample

    230328-xw9nlacf99

  • MD5

    63ea0b48fe5e4a8cbb1f31bd27296a38

  • SHA1

    6d72e0c3704e5a177268cd0d3a7fccdfe21ce71b

  • SHA256

    9fa8fa5d181d64e629755ba598cafb785a10f69a8eb9354f30117dff0a2180db

  • SHA512

    ec8e1d7a7273bad8f2e378b6ed14e36f4b1a5c5bec4fc7fa1546b62e3db20f70b09ea55e84e08b351d7c864729fcd1ee3e0689895853dd0806ec6e019dc0c7aa

  • SSDEEP

    1536:QfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBe:c+MHQFHvtKLvhuBe

Score
10/10
redlinefromdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      afb66bb113d87944fe118fc9be31517c485ef9e27b2ecf08e56ea8d86db69166

    • Size

      175KB

    • MD5

      b4efe140629e27626c4cdeed6ab03a4d

    • SHA1

      a538707622a10ea53ed71d6577843451947bc5ed

    • SHA256

      afb66bb113d87944fe118fc9be31517c485ef9e27b2ecf08e56ea8d86db69166

    • SHA512

      c93679f6cee3afd4891f865e764c4aba63c79ebecdb0217ab90d7585567347665b20e23f7510b2e81b8da5bdc5154c9abc766cee50a31478ddae2508f13df906

    • SSDEEP

      3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

    Score
    10/10
    redlinefromdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks