Overview

overview

10

Static

static

3

6057b1afc6...cf.exe

windows7-x64

10

6057b1afc6...cf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6057b1afc6a01afed47e2869d3f24432726f7b54a3430c6a26f33ba2bfa37bcf

  • Size

    1.5MB

  • Sample

    230507-c4kn8age2x

  • MD5

    7ba56580f39de5f3f16a924ca5a1b152

  • SHA1

    51b37e4a09eea4b47507e11f9409e35df04b57ee

  • SHA256

    6057b1afc6a01afed47e2869d3f24432726f7b54a3430c6a26f33ba2bfa37bcf

  • SHA512

    f26bd527cde96bc1e205de95c10f44ab6d0f869a36ee0a9b12b0a9c6f395856d9c39b6a27b3a41d868868f12f15ff1298b75899e7b4836c937d22f0163f125e6

  • SSDEEP

    24576:pyGnwsaWKF3PlypDjJXPAA1Xz2ayL73ztfpr9mJG5uVMQ7egjIPP/7cjWMeEcDj6:cGnraWal4rVzqfBhX5cMiRj64jWMkDj7

Score
10/10
redlinemostinfostealerpersistencestealer

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes
  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      6057b1afc6a01afed47e2869d3f24432726f7b54a3430c6a26f33ba2bfa37bcf

    • Size

      1.5MB

    • MD5

      7ba56580f39de5f3f16a924ca5a1b152

    • SHA1

      51b37e4a09eea4b47507e11f9409e35df04b57ee

    • SHA256

      6057b1afc6a01afed47e2869d3f24432726f7b54a3430c6a26f33ba2bfa37bcf

    • SHA512

      f26bd527cde96bc1e205de95c10f44ab6d0f869a36ee0a9b12b0a9c6f395856d9c39b6a27b3a41d868868f12f15ff1298b75899e7b4836c937d22f0163f125e6

    • SSDEEP

      24576:pyGnwsaWKF3PlypDjJXPAA1Xz2ayL73ztfpr9mJG5uVMQ7egjIPP/7cjWMeEcDj6:cGnraWal4rVzqfBhX5cMiRj64jWMkDj7

    Score
    10/10
    redlinemostinfostealerpersistencestealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks