redline | b7a161f65a0b4069006bbf460c2e5bdb61954258eee13834d4360e6f06dd7297 | Triage

Submit
Reports

Overview

overview

Static

static

6e116713f7...7e.exe

windows7-x64

6e116713f7...7e.exe

windows10-2004-x64

Sharing

General

Target

076fd5122925ed14d20711b912f79112.bin
Size

42KB
Sample

230506-2prxesff6v
MD5

2befd63e8afe663262b5e19d9c0b9a9e
SHA1

cabff64dfb6b1da85cbfe3613e4f614c22169e83
SHA256

b7a161f65a0b4069006bbf460c2e5bdb61954258eee13834d4360e6f06dd7297
SHA512

b29d6c305284f19c00be791d956a4ea5ec1dc8a1cb03ab85a0c169c5eadd7b0160a540a1cb14caec20757608bec7b7f35f01e7b17847009ce86831b144bb4910
SSDEEP

768:ecaQNE8wLYpr5Gt+e1ALf9EkMuwU0BKFMPqLKShTocUhrx2rahG13wO1Bmhgb9IF:ehcE8wS9Gt+yQf+huwlBKGPoH1yxAE0w

Score

10^/10

redline xworm infostealer persistence rat stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6e116713f7dbf7001384a4aa15ba193cf9f9f4e2e6685ead326317a78623a57e.exe

Resource

win7-20230220-en

redline xworm infostealer persistence rat stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6e116713f7dbf7001384a4aa15ba193cf9f9f4e2e6685ead326317a78623a57e.exe

Resource

win10v2004-20230220-en

xworm persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

194.145.138.88:1604

Attributes

install_file
USB.exe

Targets

- Target
  
  6e116713f7dbf7001384a4aa15ba193cf9f9f4e2e6685ead326317a78623a57e.exe
- Size
  
  70KB
- MD5
  
  076fd5122925ed14d20711b912f79112
- SHA1
  
  69f0d0a82616fa4cd8a294a90418f94f614f877a
- SHA256
  
  6e116713f7dbf7001384a4aa15ba193cf9f9f4e2e6685ead326317a78623a57e
- SHA512
  
  6c497c8815f8225e112865ba9e228d905cef356d18a0d75297fdfafc9045501d5103b5bf8f35d7a1b89f8dce02c906278065990b1e55a7ee5f22e27be2021b28
- SSDEEP
  
  1536:i8QQ5i1NvQ4IwNdVrZTE1X/iXxwWZbk+VcYXjDn6Q8OETLwKDNxSr:qQ54IwV10sxZbk+cXOqpcr
Score

10^/10

redline xworm infostealer persistence rat stealer trojan
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexworminfostealerpersistenceratstealertrojan

behavioral2

xwormpersistencerattrojan

© 2018-2024

Terms | Privacy