Overview

overview

10

Static

static

10

3e79b88bdf...97.exe

windows7-x64

10

3e79b88bdf...97.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e79b88bdf7a27dc3452f6bc1e6e32774933df5a9fd6d7609cf10a5f0c260697.zip

  • Size

    51KB

  • Sample

    230329-nfbl7ahf5s

  • MD5

    3eb40869e58c31a47f0a4b2018a90d7d

  • SHA1

    bc1b4419db4c6f592fcd8186ccb6aa3418eee094

  • SHA256

    0c44efd91dc08a1ed33cfd0d454c979b1150c97ca63c50fd56080a6d3700dc5c

  • SHA512

    33448f785af24cd36a643ad7fe89c98896770c6f3fe90c38605c94c2a1021ead5be9513d47e6598b5a06e974254c4a6c9c81cc23c5ad97ff16ec5d88423a4a03

  • SSDEEP

    768:/bJhjZOsyfj0ZwKINQbzWztOw+i9HsyaumA4wWqJ2vcacOyNITgmmhKlZ6YHN:/fZlP+MHWztHF9HVO0acOyNIkmmhhYt

Score
10/10
redlinefromdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      3e79b88bdf7a27dc3452f6bc1e6e32774933df5a9fd6d7609cf10a5f0c260697

    • Size

      175KB

    • MD5

      f82c6642e389e4d529454a316f75fdda

    • SHA1

      b511027d8f81c8a46d339730254fd90a1905ae54

    • SHA256

      3e79b88bdf7a27dc3452f6bc1e6e32774933df5a9fd6d7609cf10a5f0c260697

    • SHA512

      e3292a229cd54f5c72b2488b1934e5b1c71349f8eaba2f43640c2b2d0048bb8f86db42b5f6a71e351b59f547bf9111d24d12c7f930a060100b70f1576f991c6e

    • SSDEEP

      3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

    Score
    10/10
    redlinefromdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks