Overview

overview

10

Static

static

3

d55d6643dd...b1.exe

windows7-x64

10

d55d6643dd...b1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d55d6643dd6fdbf55abd15bae8a53be81db767c2e4f45b99d5eee1469e0c74b1.exe

  • Size

    993KB

  • Sample

    230514-w79masch69

  • MD5

    e4e9674dbf2b666480ac01dd951a45cb

  • SHA1

    9e24ad523992a78b3ec033433958916d6ee99f5a

  • SHA256

    d55d6643dd6fdbf55abd15bae8a53be81db767c2e4f45b99d5eee1469e0c74b1

  • SHA512

    d799a1bcdeb88da1065e03247b01020b2ec20ba7ee5d80bfcc67d0c2c55a70c94cfd337136ccf6a96d8c6fe15404254217566fc590198ff039eb461b448cbb11

  • SSDEEP

    24576:5ytw0dtilf9XXyoJauW7gWB6+yYZmNNND95xKP3iJt:stEXXyoJauW0WB6nYoND9LKq

Score
10/10
redlinemixerrozadiscoveryinfostealerpersistencespywarestealer

Malware Config

Extracted

Family

redline

Botnet

mixer

C2

185.161.248.75:4132

Attributes
  • auth_value

    3668eba4f0cb1021a9e9ed55e76ed85e

Extracted

Family

redline

Botnet

roza

C2

185.161.248.75:4132

Attributes
  • auth_value

    3e701c8c522386806a8f1f40a90873a7

Targets

    • Target

      d55d6643dd6fdbf55abd15bae8a53be81db767c2e4f45b99d5eee1469e0c74b1.exe

    • Size

      993KB

    • MD5

      e4e9674dbf2b666480ac01dd951a45cb

    • SHA1

      9e24ad523992a78b3ec033433958916d6ee99f5a

    • SHA256

      d55d6643dd6fdbf55abd15bae8a53be81db767c2e4f45b99d5eee1469e0c74b1

    • SHA512

      d799a1bcdeb88da1065e03247b01020b2ec20ba7ee5d80bfcc67d0c2c55a70c94cfd337136ccf6a96d8c6fe15404254217566fc590198ff039eb461b448cbb11

    • SSDEEP

      24576:5ytw0dtilf9XXyoJauW7gWB6+yYZmNNND95xKP3iJt:stEXXyoJauW0WB6nYoND9LKq

    Score
    10/10
    redlinemixerrozadiscoveryinfostealerpersistencespywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks