Overview

overview

10

Static

static

3

df3c5dcfcf...79.exe

windows7-x64

10

df3c5dcfcf...79.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    df3c5dcfcf374a5a410dea7fddfc119489ce1425abb1f05b944223b48bcf8679

  • Size

    890KB

  • Sample

    230507-jgzyysgf3w

  • MD5

    992b76f941ba8c766d32a4d3f9cad057

  • SHA1

    06eeea44a2b10728c8fe26173438a5dd54c0394f

  • SHA256

    df3c5dcfcf374a5a410dea7fddfc119489ce1425abb1f05b944223b48bcf8679

  • SHA512

    39d59988e8f01f49aa670204e46fe8d1f3629f1fae5810f646bbb6ed8667f8bd4073502fb7048e53c178cfae0829d899d5f30ce4d5e0a1022537fc4531e59367

  • SSDEEP

    24576:typkLYKK2ByJ1N3nrRVAKkjHqy2/CvETqhlB47aYRk:IpabCN3r8iqfB42YR

Score
10/10
redlinedantegenainfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes
  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90

Targets

    • Target

      df3c5dcfcf374a5a410dea7fddfc119489ce1425abb1f05b944223b48bcf8679

    • Size

      890KB

    • MD5

      992b76f941ba8c766d32a4d3f9cad057

    • SHA1

      06eeea44a2b10728c8fe26173438a5dd54c0394f

    • SHA256

      df3c5dcfcf374a5a410dea7fddfc119489ce1425abb1f05b944223b48bcf8679

    • SHA512

      39d59988e8f01f49aa670204e46fe8d1f3629f1fae5810f646bbb6ed8667f8bd4073502fb7048e53c178cfae0829d899d5f30ce4d5e0a1022537fc4531e59367

    • SSDEEP

      24576:typkLYKK2ByJ1N3nrRVAKkjHqy2/CvETqhlB47aYRk:IpabCN3r8iqfB42YR

    Score
    10/10
    redlinedantegenainfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks