General

  • Target

    d766509ed69f458ea39b23f065e1f66a7563d6549de756b4d8cb992abfb3b796

  • Size

    793KB

  • Sample

    230507-h6hwasfb4s

  • MD5

    b122aedf7b3b67d7c0af32075b6bc141

  • SHA1

    349c9e7ce8481ef02f1441af343a17081f2a0b13

  • SHA256

    d766509ed69f458ea39b23f065e1f66a7563d6549de756b4d8cb992abfb3b796

  • SHA512

    52392a5579efa373b43d200818bcdb081a04f8b57f0177cc78ebfd1f19367b75de87e5a42d8ba9f52b935bbfe4cf057678313e2d7eeca03769c2478aedba2a84

  • SSDEEP

    12288:vy90JaFHTdEWbr6vFweDF5Cd6ccVrFrmtJlMRBVkpkIJ27m34AQMVXDC:vy0aFzdEgrGu6CqWLMdLI0i4AZDC

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dork

C2

185.161.248.73:4164

Attributes
  • auth_value

    e81be7d6cfb453cc812e1b4890eeadad
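
Both extracted configs point at the same C2 endpoint (185.161.248.73:4164) and differ only in botnet name and auth_value, so the network indicator to act on is one IP:port pair. The script below is an added example, not part of the sandbox report and not RedLine code: it parses the Malware Config block exactly as printed above (copied inline so it runs offline), validates the C2 entries, de-duplicates them across configs, and emits a Suricata rule and a Zeek intel line. The rule SIDs (1000001 onwards), the rule message text and the meta.source label are assumptions chosen for illustration.

```python
"""Parse this report's 'Malware Config' block into structured IOCs and emit
network detection content. Added example; not part of the sandbox report.

CONFIG_TEXT is the report's Malware Config section copied verbatim so the
script is self-contained. SIDs, rule messages and meta.source are assumptions.
"""
import re
from dataclasses import dataclass, field

CONFIG_TEXT = """
Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dork

C2

185.161.248.73:4164

Attributes
  • auth_value

    e81be7d6cfb453cc812e1b4890eeadad
"""

SECTION_KEYS = ("Family", "Botnet", "C2", "Attributes")
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


@dataclass
class ExtractedConfig:
    family: str = ""
    botnet: str = ""
    c2: list = field(default_factory=list)          # list of (ip, port)
    attributes: dict = field(default_factory=dict)  # e.g. {"auth_value": "..."}


def parse_configs(text):
    """Walk the flat report layout: each 'Extracted' starts a new config, a
    bare key line selects the field, and the next non-blank line is its value.
    Attribute names arrive as '• name' bullets followed by the value."""
    configs, current, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Extracted":
            current = ExtractedConfig()
            configs.append(current)
            key = None
        elif current is None:
            continue
        elif line in SECTION_KEYS:
            key = line
        elif line.startswith("•"):
            key = "attr:" + line.lstrip("• ").strip()
        elif key == "Family":
            current.family = line
        elif key == "Botnet":
            current.botnet = line
        elif key == "C2":
            m = C2_RE.match(line)
            if not m or not 0 < int(m.group(2)) < 65536:
                raise ValueError(f"unexpected C2 entry: {line!r}")
            current.c2.append((m.group(1), int(m.group(2))))
        elif key and key.startswith("attr:"):
            current.attributes[key[5:]] = line
    return configs


def unique_c2(configs):
    """Endpoints in first-seen order, de-duplicated across all configs."""
    seen = []
    for cfg in configs:
        for endpoint in cfg.c2:
            if endpoint not in seen:
                seen.append(endpoint)
    return seen


def suricata_rules(configs, base_sid=1000001):
    rules = []
    for i, (ip, port) in enumerate(unique_c2(configs)):
        families = sorted({c.family for c in configs if (ip, port) in c.c2})
        botnets = sorted({c.botnet for c in configs if (ip, port) in c.c2})
        msg = f"MALWARE {'/'.join(families)} C2 ({','.join(botnets)})"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
            f"flow:to_server; classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


def zeek_intel(configs, source="sandbox-report"):
    """Tab-separated Zeek intel framework lines (indicator_type Intel::ADDR)."""
    lines = ["#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"]
    for ip, port in unique_c2(configs):
        botnets = ",".join(sorted({c.botnet for c in configs if (ip, port) in c.c2}))
        lines.append(f"{ip}\tIntel::ADDR\t{source}\tredline C2 port {port} botnets {botnets}")
    return "\n".join(lines)


if __name__ == "__main__":
    cfgs = parse_configs(CONFIG_TEXT)
    for c in cfgs:
        print(f"{c.family} botnet={c.botnet} c2={c.c2} attrs={c.attributes}")
    print("\n".join(suricata_rules(cfgs)))
    print(zeek_intel(cfgs))
```

The parser is deliberately strict about the C2 field: a sandbox can emit partial or malformed extractions, and a rule generated from a bad IP:port is worse than none. Note that matching on IP alone will also fire on anything else hosted at that address; pair the rule with the port as shown, and expect the operator to rotate the endpoint.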

Targets

    • Target

      d766509ed69f458ea39b23f065e1f66a7563d6549de756b4d8cb992abfb3b796

    • Size

      793KB

    • MD5

      b122aedf7b3b67d7c0af32075b6bc141

    • SHA1

      349c9e7ce8481ef02f1441af343a17081f2a0b13

    • SHA256

      d766509ed69f458ea39b23f065e1f66a7563d6549de756b4d8cb992abfb3b796

    • SHA512

      52392a5579efa373b43d200818bcdb081a04f8b57f0177cc78ebfd1f19367b75de87e5a42d8ba9f52b935bbfe4cf057678313e2d7eeca03769c2478aedba2a84

    • SSDEEP

      12288:vy90JaFHTdEWbr6vFweDF5Cd6ccVrFrmtJlMRBVkpkIJ27m34AQMVXDC:vy0aFzdEgrGu6CqWLMdLI0i4AZDC

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry; most likely a geofence check, so the stealer can refuse to run on hosts in excluded regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
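
The "Adds Run key to start application" signature is the persistence behaviour mapped to T1060 (Registry Run Keys / Startup Folder) in the matrix. The script below is an added example of how to detect that behaviour on an endpoint from Sysmon registry telemetry; it is not part of the sandbox report and not RedLine code. The event lines in SAMPLE_EVENTS are constructed for this example: they carry the Sysmon Event ID 13 (RegistryEvent, value set) fields EventType, Image, TargetObject and Details in a simplified pipe-delimited layout, and every path, SID and value name in them is invented, not an artefact observed from this sample.

```python
"""Detect T1060 persistence (Run/RunOnce keys, Startup folder redirection)
in Sysmon-style registry events. Added example; not from the sandbox report.

SAMPLE_EVENTS are constructed: EventID|EventType|Image|TargetObject|Details,
mirroring Sysmon Event ID 13 fields. Paths and value names are invented.
"""
import re
from dataclasses import dataclass

# Run-style autostart keys under HKLM or any HKU hive, including the
# Wow6432Node view and the Group Policy 'Policies\Explorer\Run' variant.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunServices|RunServicesOnce|Policies\\Explorer\\Run)\\[^\\]+$",
    re.IGNORECASE,
)
# Rewriting the Startup folder location is the other half of T1060.
STARTUP_FOLDER_RE = re.compile(
    r"\\Explorer\\(?:User )?Shell Folders\\(?:Common )?Startup$", re.IGNORECASE
)
# Places an unprivileged dropper can write; an autostart entry pointing here
# deserves a higher severity than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE
)

SAMPLE_EVENTS = [
    r"13|SetValue|C:\Users\victim\AppData\Local\Temp\dropped.exe"
    r"|HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate"
    r"|C:\Users\victim\AppData\Roaming\svchost.exe",
    r"13|SetValue|C:\Program Files\Vendor\setup.exe"
    r"|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray"
    r"|C:\Program Files\Vendor\tray.exe",
    r"13|SetValue|C:\Windows\System32\svchost.exe"
    r"|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB0000\InstallDate"
    r"|20230507",
    r"13|SetValue|C:\Users\victim\AppData\Local\Temp\dropped.exe"
    r"|HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup"
    r"|C:\Users\victim\AppData\Roaming\evil",
]


@dataclass
class Finding:
    technique: str
    severity: str
    image: str
    target: str
    details: str


def parse_event(line):
    parts = line.split("|", 4)
    if len(parts) != 5:
        raise ValueError(f"malformed event: {line!r}")
    event_id, event_type, image, target, details = parts
    return {"EventID": int(event_id), "EventType": event_type, "Image": image,
            "TargetObject": target, "Details": details}


def classify(event):
    """Return a Finding for autostart writes, None for everything else."""
    if event["EventID"] != 13 or event["EventType"] != "SetValue":
        return None
    target = event["TargetObject"]
    if RUN_KEY_RE.search(target):
        technique = "T1060 Run key"
    elif STARTUP_FOLDER_RE.search(target):
        technique = "T1060 Startup folder redirect"
    else:
        return None
    # Either the payload being registered or the process registering it living
    # in a user-writable location is the strongest signal of a dropper.
    suspicious = USER_WRITABLE_RE.search(event["Details"]) or USER_WRITABLE_RE.search(event["Image"])
    return Finding(technique, "high" if suspicious else "medium",
                   event["Image"], target, event["Details"])


def scan(lines):
    findings = []
    for line in lines:
        finding = classify(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.technique}: {f.image} -> {f.target} = {f.details}")
```

The medium-severity branch exists because legitimate installers write Run keys constantly; the user-writable-path check is what separates a tray applet from a dropped stealer. Tools that legitimately run from AppData (per-user installs) will land in the high bucket, so in production pair this with a code-signing or hash allowlist rather than suppressing the rule.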

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060), 1 signature

  • Defense Evasion

    Modify Registry (T1112), 1 signature

  • Discovery

    Query Registry (T1012), 1 signature

    System Information Discovery (T1082), 2 signatures

Tasks