Overview

overview

10

Static

static

10

af28804ba0...89.exe

windows7-x64

10

af28804ba0...89.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af28804ba078053c5360a95c5b3e653a967193c634524fcaa0688139bebd0d89.zip

  • Size

    51KB

  • Sample

    230329-qgkbtsgd66

  • MD5

    de7d76f6edc04b87f9c922d028a59d04

  • SHA1

    f8bb2cd92b7d08f6e007ae483a7f43322c2f643f

  • SHA256

    c8e90a780be6be95b1e2d0801fd88061de420abf48a88a7427db5129ba6e9634

  • SHA512

    afb27815b18e5fb954ecd4466a1b9a9d1b328490c1162e70db449e2ed3dea58af282c37c30de60868b2bf967149957ffce5174c9787eef8c3926001f502db116

  • SSDEEP

    1536:zfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBx:n+MHQFHvtKLvhuBx

Score
10/10
redlinefromdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      af28804ba078053c5360a95c5b3e653a967193c634524fcaa0688139bebd0d89

    • Size

      175KB

    • MD5

      549589c884c90615cfc723f0684a3d70

    • SHA1

      22afb7d064646f51b91d6c5b055ab4868725aa79

    • SHA256

      af28804ba078053c5360a95c5b3e653a967193c634524fcaa0688139bebd0d89

    • SHA512

      bb2fbe0158d3880b508d8e3fc464d68c78a95ac96a83242f79c5d5b1d493acb3b380bedb6762e15dca361987d8c26c2d2e4b604febc476bd82e549201b270a18

    • SSDEEP

      3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

    Score
    10/10
    redlinefromdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks