Overview

overview

10

Static

static

10

0x00060000...65.exe

windows7-x64

10

0x00060000...65.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x00060000000142d9-6565.dat

  • Size

    168KB

  • Sample

    230502-pa2rvsba24

  • MD5

    193ea8b6b05fb5853e6ffe824ecf108c

  • SHA1

    98eabd5c4c20bea21bf5d8c7019bebfd46604ceb

  • SHA256

    2bf4ff4c74c13cdc07024dc7e76886793783a219a1c511ebfec56d0831bf6309

  • SHA512

    5d1394c7e673e0e8dc385ba1de3dd46af28c94ee6601c54b2b6065cf406f36d332eefc07c6f827caeb2403745e3362a615743b50d866a4575b4319da500dfa31

  • SSDEEP

    1536:ncJK7qlVZRGW4XqrozC3iGOmE+lrcI2nBCTGqV8buV+jys0ausT83wYk98e8he:nc4VVzxNf3qV0/yNausTb8e8he

Score
10/10
redlinelifediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

life

C2

185.161.248.73:4164

Attributes
  • auth_value

    8685d11953530b68ad5ec703809d9f91

Targets

    • Target

      0x00060000000142d9-6565.dat

    • Size

      168KB

    • MD5

      193ea8b6b05fb5853e6ffe824ecf108c

    • SHA1

      98eabd5c4c20bea21bf5d8c7019bebfd46604ceb

    • SHA256

      2bf4ff4c74c13cdc07024dc7e76886793783a219a1c511ebfec56d0831bf6309

    • SHA512

      5d1394c7e673e0e8dc385ba1de3dd46af28c94ee6601c54b2b6065cf406f36d332eefc07c6f827caeb2403745e3362a615743b50d866a4575b4319da500dfa31

    • SSDEEP

      1536:ncJK7qlVZRGW4XqrozC3iGOmE+lrcI2nBCTGqV8buV+jys0ausT83wYk98e8he:nc4VVzxNf3qV0/yNausTb8e8he

    Score
    10/10
    redlinelifediscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks