General

  • Target

    25f567e62b27d72849b73f24e65cfb9bc5793764d19c843479764b22b7c73a71.zip

  • Size

    51KB

  • Sample

    230329-qtmygsab3t

  • MD5

    51a1eb7bf592c9776b67120418517182

  • SHA1

    b70632a5e3bb6eac57b3f40d8f01ef25c9c3b067

  • SHA256

    9e01592edb10fb81012a19551990045630f1952c917ec907ebc23a71a1758eb6

  • SHA512

    73b43c118ec14073a3935b4659445be715a0a39597dc03eb414b81f42413f2f654bdc9d055620937ec540c5162182fb8a19927dcc98f1e2c4fe17a5d3eae6c88

  • SSDEEP

    768:jZSH2X/xQNhidcOtA4kADfLN++WQYdo+zwJ76+X2UhPzVA947eGriqkCcFm:jZSWX/EVRQYdo+sX9hyO7eLjCcY

Malware Config

Extracted

Family

redline

Botnet

netu

C2

193.233.20.32:4125

Attributes

  • auth_value

    9641925ae487005582b5cf30476dd305

Targets

    • Target

      25f567e62b27d72849b73f24e65cfb9bc5793764d19c843479764b22b7c73a71

    • Size

      175KB

    • MD5

      82f8701d57d3800f6d8037c8a8358879

    • SHA1

      f3c206ce2bc849da3098663fbf32f5667aa25bf4

    • SHA256

      25f567e62b27d72849b73f24e65cfb9bc5793764d19c843479764b22b7c73a71

    • SHA512

      203a66c33fe35afcb1c008cb4b5dc9755d3387eb837e39d117b8670bf2964e88a34ae7c400438481ea68c1ca2efff87305c86a44277b167d8dfc72bf6cf8117b

    • SSDEEP

      3072:nxqZW11a2kX8feVjNsAeHlF2ohgrxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jO2:xqZkeVjWb2oh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

Tasks