Overview

overview

10

Static

static

1

Kiddions/K...st.exe

windows7-x64

10

Kiddions/K...st.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ModestMenuKiddions.rar

  • Size

    3.2MB

  • Sample

    230515-y4mpgafg2v

  • MD5

    746a0c8b3a8e10687b9df13d9c6e2ceb

  • SHA1

    bcfb832d353b264a5748ea8e7b1270c0d19fee14

  • SHA256

    9db15c95199ed68863e8d8d3dda450aa3f65fb004fb88d41ece74e7615074a68

  • SHA512

    c8a7d69b3b176c8de8ad86a72aeee5041251fd75d8126919a6c20547372fa92a581dc0cec4ebf181c22a47e2360892026ad3d1df44b9525b0080799546981c66

  • SSDEEP

    98304:8kZMvJZeAGW4jGtiKVxftQePq8wcg1d/NjlI4Fauyrzn:RGBZ3Cj3KVxWBHm4guyrD

Score
10/10
redline@dxrkl0rdinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

@dxrkl0rd

C2

45.15.156.170:43588

Attributes
  • auth_value

    9c8dd7353be7ed4b6832da21d8d0d902

Targets

    • Target

      Kiddions/KiddionsModest.exe

    • Size

      476.8MB

    • MD5

      e6d1550517cff7bd568fc6a35145390d

    • SHA1

      cd0eaa64ada36aa05254220ed053f8c1d71a4341

    • SHA256

      10fe66c48781cbad9860ab9ed678091d95a629d2745b2686937e4334fa1d3400

    • SHA512

      de1f44fa954a1812aeccc4295139cc7585c88b29240772d11dbc75a03460d1e8a2369b958fb056b92f607dd26c11abdea4ccb25c34773f5b7930da71d2900b79

    • SSDEEP

      6144:/inZpREVUCsshIz9S7VAOSBs6sy70044ZdNiMaW6jq:anZpOGshI4Vws6sq074ZLi

    Score
    10/10
    redline@dxrkl0rdinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks