General

  • Target

    3a32e5fed28c5727896f82b57b54e16a113fb5b4054a23504fe100423364fd82.zip

  • Size

    51KB

  • Sample

    230329-rzgt4aac8v

  • MD5

    669e1dae170598d6a87b93d01c1196ec

  • SHA1

    9f85398f0649edd901f7a5e71f84411c6d97c58b

  • SHA256

    f0a8580962ec37367bcde97b8a4ed3f30891e6922f042f03977195d6131ffc95

  • SHA512

    4d95e5b0af2006c24be903c5da67f7e2c799bbe160ec85c8a736e78bb83a2141f85aa6f271705bb8442cf47f236363e7125de084430e941b12ab9159b3637566

  • SSDEEP

    1536:VByuzr/ZantEidwbWUxqB7bBtidOVEO5eZsTugrEP:VT8tEidvtBUsic4CPrEP

Malware Config

Extracted

Family

redline

Botnet

muse

C2

176.113.115.145:4125

Attributes
  • auth_value

    b91988a63a24940038d9262827a5320c

Targets

    • Target

      3a32e5fed28c5727896f82b57b54e16a113fb5b4054a23504fe100423364fd82

    • Size

      175KB

    • MD5

      3b0fb67362fef0df86dc45b26585f424

    • SHA1

      cf950efffb9a7cf68abb651fa3dc0767d04a6770

    • SHA256

      3a32e5fed28c5727896f82b57b54e16a113fb5b4054a23504fe100423364fd82

    • SHA512

      e9b6be338ba2cab606d5947e80126fc5cbd7d0a9aede9a03c3cd37915a719b8e72c4933071dc6104a6dce6ca3ae595dc9f1d642bde01734a0321fe4fc5b3e7d9

    • SSDEEP

      3072:VxqZWn7aNQYF8ZueD59IhmHxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+caq:fqZuZZIh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens, autofill entries and payment card details.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus its Wow6432Node and HKCU equivalents) to enumerate the software installed on the system.
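The indicators extracted above (the two SHA256 values, and the C2 endpoint 176.113.115.145:4125 for botnet "muse") are enough to sweep an estate for this sample. The script below is an added example and is not part of the sandbox report: it matches file hashes against the report, scans flow records for connections to the C2 host, and emits a Suricata rule for the endpoint. The flow-log line layout, the sample records, and the rule's sid are assumptions for illustration.

```python
# IOC sweep built from the indicators in the report above (added example, not part of the report).
import hashlib
import re
from typing import List, Optional, Tuple

# File indicators transcribed from the report (SHA256 of the zip and of the extracted payload).
IOC_SHA256 = {
    "f0a8580962ec37367bcde97b8a4ed3f30891e6922f042f03977195d6131ffc95": "archive (zip)",
    "3a32e5fed28c5727896f82b57b54e16a113fb5b4054a23504fe100423364fd82": "RedLine payload",
}
# Network indicator from the extracted RedLine config.
C2_HOST = "176.113.115.145"
C2_PORT = 4125
BOTNET_ID = "muse"


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 of a byte string (feed it open(path, 'rb').read() for a file on disk)."""
    return hashlib.sha256(data).hexdigest()


def classify_hash(digest: str) -> Optional[str]:
    """Return the report's label for a known SHA256, or None. Case-insensitive."""
    return IOC_SHA256.get(digest.strip().lower())


# Assumed flow-log layout: "<ts> <src>:<sport> -> <dst>:<dport> <proto>". Adjust the
# pattern for the real log source (Zeek conn.log, firewall syslog, NetFlow export).
_FLOW_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_hits(lines: List[str]) -> List[Tuple[str, int, str]]:
    """Return (source_ip, dst_port, confidence) for every flow to the C2 host.

    A connection to the exact host:port from the config is a high-confidence hit;
    the same host on another port is still worth triage, so it is reported as medium.
    """
    hits = []
    for line in lines:
        m = _FLOW_RE.search(line)
        if not m or m["dst"] != C2_HOST:
            continue
        dport = int(m["dport"])
        confidence = "high" if dport == C2_PORT else "medium"
        hits.append((m["src"], dport, confidence))
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """Suricata rule for the C2 endpoint. The sid is an assumed local-range value."""
    return (
        f'alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} '
        f'(msg:"RedLine Stealer C2 (botnet {BOTNET_ID})"; flow:to_server,established; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


# Constructed sample flow records (not from the report) so the script runs stand-alone.
SAMPLE_FLOWS = [
    "2023-03-29T14:02:11Z 10.0.0.12:51344 -> 176.113.115.145:4125 tcp",
    "2023-03-29T14:02:12Z 10.0.0.12:51345 -> 93.184.216.34:443 tcp",
    "2023-03-29T14:03:40Z 10.0.0.7:49202 -> 176.113.115.145:443 tcp",
    "malformed line with no flow tuple",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_FLOWS):
        print("C2 hit:", hit)
    print(suricata_rule())
```

Hash matching only catches this exact build; RedLine is rebuilt per campaign, so the C2 endpoint and the auth_value/botnet ID from the config are the more durable pivots for hunting.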

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081) - 2 matching behaviours

  • Discovery

    Query Registry (T1012) - 1 matching behaviour

  • Collection

    Data from Local System (T1005) - 2 matching behaviours

  Note: the mapping uses ATT&CK v6 technique IDs. In current ATT&CK, T1081 is deprecated and folded into T1552.001 (Unsecured Credentials: Credentials In Files); T1012 and T1005 are unchanged.

Tasks