Overview

overview

10

Static

static

10

5fe85df747...23.exe

windows7-x64

10

5fe85df747...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fe85df74736d9d887ad082ec23079675a6d92795e0add3d747ccd1501858723.zip

  • Size

    51KB

  • Sample

    230329-m77m9sga49

  • MD5

    dd9b6f1d255c761c0b724a330f0a1e8d

  • SHA1

    98cc1dfa569a2393c1cfab4b09ee0c6efcff0342

  • SHA256

    5c1de0ba315e4ace0d260c5fc79fa34435e730e98f7c2e47ffc7070f1ef0f5ba

  • SHA512

    5ab6124832f127c655349f9a9663eae7a9533d16019bd48e243ff8bcb4fbeac855c9e308cb4ffee67e6e7841e00ad1be39a5ef8846f6c2952e06b43bfef0f1c3

  • SSDEEP

    1536:lfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBO:B+MHQFHvtKLvhuBO

Score
10/10
redlinefromdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      5fe85df74736d9d887ad082ec23079675a6d92795e0add3d747ccd1501858723

    • Size

      175KB

    • MD5

      629206192f00d7eaef07138db484e484

    • SHA1

      9aeb5a02478ffc46e0150ca20be5d2a571d7f79a

    • SHA256

      5fe85df74736d9d887ad082ec23079675a6d92795e0add3d747ccd1501858723

    • SHA512

      0d25750263346cc2b5e98b67b734eaf2b9f176c8d6d1b16262e1d2376d1b4fe24c53aff4d7473bb829567e1b2732940fad26e192334c5ebf89cc5dbaa3985ff0

    • SSDEEP

      3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

    Score
    10/10
    redlinefromdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks