General

  • Target

    modest-menu.exe

  • Size

    3.0MB

  • Sample

    230417-ggayqaeg7t

  • MD5

    77b6db60ce150f9d850805f3b344358a

  • SHA1

    32113c537704c76d6a254bec0a6f0953b61b1414

  • SHA256

    64287e79baab44a7bc4996b5712573de1cf3a5e279bb48abcaa79ccee9545254

  • SHA512

    d2c04e48caf0b5b029e5be8ada02fa78b6a7d134d7781add74021a9a42caa2233b9a4f262d168d08491f78905540fe66a5a8da0792a63a1ecda40de3cfbac046

  • SSDEEP

    24576:E/xjSOtfDDdS4SSZc0hrbUMritLd8BfoxLf4iV:E/xRfDD3JbAqexEiV

Malware Config

Extracted

  • Family

    redline

  • C2

    193.233.20.13:11552

  • Attributes

    auth_value: 9abfd72e5d4e9a093a3f555a36719c53

Targets

    • Target

      modest-menu.exe

    • Size

      3.0MB

    • MD5

      77b6db60ce150f9d850805f3b344358a

    • SHA1

      32113c537704c76d6a254bec0a6f0953b61b1414

    • SHA256

      64287e79baab44a7bc4996b5712573de1cf3a5e279bb48abcaa79ccee9545254

    • SHA512

      d2c04e48caf0b5b029e5be8ada02fa78b6a7d134d7781add74021a9a42caa2233b9a4f262d168d08491f78905540fe66a5a8da0792a63a1ecda40de3cfbac046

    • SSDEEP

      24576:E/xjSOtfDDdS4SSZc0hrbUMritLd8BfoxLf4iV:E/xRfDD3JbAqexEiV

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks