General

  • Target: 4b373fe4f094ac74db89698f1a1cce5c458810389206a43dbc33d4fe8e18d7c6.zip
  • Size: 51KB
  • Sample: 230329-nffk5shf5t
  • MD5: 3e75379f0267a082196f455abc4a2178
  • SHA1: 99df280c1541c69272f6d52454c16316fb408acd
  • SHA256: 60426e77de5d5e69ad36fcbc12b23f4567ddd8efa3f69275a52ae68b13ad2e88
  • SHA512: b5a80adf4ac73fddd7687e89e12c6e832ec5a7479a68171df1e7333328a5f9d27e7b836b26426f5575c3b1b1cf2cc7ea3c7aca0637511052478cbf29c67ca3aa
  • SSDEEP: 1536:FfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBs:h+MHQFHvtKLvhuBs

Malware Config

Extracted

  • Family: redline
  • Botnet: from
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 8633e283485822a4a48f0a41d5397566

Targets

  • Target: 4b373fe4f094ac74db89698f1a1cce5c458810389206a43dbc33d4fe8e18d7c6
  • Size: 175KB
  • MD5: efd1c0ec3b3f5d70e2d4fd43351c81a4
  • SHA1: ea2869b33807e1d01b8901bccf785e47598ed86f
  • SHA256: 4b373fe4f094ac74db89698f1a1cce5c458810389206a43dbc33d4fe8e18d7c6
  • SHA512: 16d0b6ffbabe01b97fcea2b94cc05907c89dbf4d7356f83ab1e5fdf621af5d3224ef1dfd17772a544c2895f25d3b4111afde9c5aebb856b0c8c04fcf2b3ff377
  • SSDEEP: 3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include sensitive information such as saved credentials.
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (2)
  • Discovery: Query Registry, T1012 (1)
  • Collection: Data from Local System, T1005 (2)

Tasks