General

  • Target

    c8895fc57cb88891b4348ab4c238e03aba65d8f98e1bbf8cf1d8788db40d87d5.zip

  • Size

    51KB

  • Sample

    230329-nfveashf5w

  • MD5

    889c4f359a04ee1a7f9340b86177e9a2

  • SHA1

    b5b2eff39b99befa6d676812a964fead7ca0ccfe

  • SHA256

    5a7dc4044ae50e930581f168e137619a7b6902b0939f7c9c888f6472cd615915

  • SHA512

    a728485ec79688e5010fc9beb6b65a0bd141ebad80efa405f795a8b3991c37c809f401b35ac0cff39efa5517f0dc73ad129ead8c8b8e3c9e134d709903d5ea65

  • SSDEEP

    1536:5fZlP+MHWztHF9HVO0tvYDG9aiIJSghnuB0:9+MHQFHvtKLvhuB0

Malware Config

Extracted

  • Family

    redline

  • Botnet

    from

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 8633e283485822a4a48f0a41d5397566

Targets

    • Target

      c8895fc57cb88891b4348ab4c238e03aba65d8f98e1bbf8cf1d8788db40d87d5

    • Size

      175KB

    • MD5

      f828658358673b1b17a02e5639814a22

    • SHA1

      31f1f17c0b240cbcce8f3900bf61782938292bdc

    • SHA256

      c8895fc57cb88891b4348ab4c238e03aba65d8f98e1bbf8cf1d8788db40d87d5

    • SHA512

      e38b7224ae54688b0ba3ef0beb221f62362aa7342d5424414c136fe11d60abdd7f8f5d3f7540757e735a062d68b5d31b112d5642d53fcc60f70d962f24c68665

    • SSDEEP

      3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

Tasks