General

  • Target

    01592699.exe

  • Size

    1.0MB

  • Sample

    230526-h98k5aed26

  • MD5

    98a5ddd43a48d914481cf3c177d44f13

  • SHA1

    9d6c2fc2048ec74ab32dfab99e8953f56aa0ac0c

  • SHA256

    ec1b5795b6b199b2b488bea604ab0423474271cddec5e4733dd8c72504e6b42d

  • SHA512

    84e11277fa3cdeafa65684e43be27ef7e489487bbe4e40fd97f6e402a45d50faccd017dd3b533f342c349efa2102edb8ceb2f9d19411db20ad1de6c009d72767

  • SSDEEP

    24576:vymOSWwlPiW1F+OgjdwBk+LM6CURcnjfcD3JikalB:6NTCBYOgjO3LM6xcLij

Malware Config

Extracted

Family

redline

Botnet

lina

C2

83.97.73.122:19062

Attributes
  • auth_value

    13523aee5d194d7716b22eeab7de10ad

Extracted

Family

redline

Botnet

greg

C2

83.97.73.122:19062

Attributes
  • auth_value

    4c966a90781c6b4ab7f512d018696362
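
The two extracted configs share one C2 endpoint and differ only in botnet ID and auth_value, so a single network indicator covers both. The following is an added example, not part of the sandbox report: it turns the config values above and the hashes from the General section into a sweep over Zeek-style conn.log lines and EDR process-start events. The log lines, host names and the 203.0.113.5 address are constructed; a flow to the C2 IP on a port other than 19062 is reported at lower confidence rather than dropped, since operators rotate ports.

```python
"""Sweep constructed network and EDR telemetry for the indicators in this report.

Added example, not part of the sandbox report.  Both extracted RedLine configs
point at the same C2 endpoint with different botnet IDs, so one network
indicator covers both; auth_value is a per-build token and is only useful for
clustering samples, not for network detection."""

# Copied from the report's "Malware Config" section.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "lina", "c2": "83.97.73.122:19062",
     "auth_value": "13523aee5d194d7716b22eeab7de10ad"},
    {"family": "redline", "botnet": "greg", "c2": "83.97.73.122:19062",
     "auth_value": "4c966a90781c6b4ab7f512d018696362"},
]

# Copied from the report's "General" section.
SAMPLE_HASHES = {
    "md5": "98a5ddd43a48d914481cf3c177d44f13",
    "sha1": "9d6c2fc2048ec74ab32dfab99e8953f56aa0ac0c",
    "sha256": "ec1b5795b6b199b2b488bea604ab0423474271cddec5e4733dd8c72504e6b42d",
}


def c2_endpoints(configs):
    """Collapse the configs into a set of (ip, port) tuples; duplicates merge."""
    endpoints = set()
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        endpoints.add((host, int(port)))
    return endpoints


# Constructed Zeek-style conn.log excerpt (not real traffic):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = """\
1685090001.1 CAbcd1 10.0.0.15 49812 83.97.73.122 19062 tcp
1685090002.3 CAbcd2 10.0.0.15 49813 203.0.113.5 443 tcp
1685090003.9 CAbcd3 10.0.0.22 51002 83.97.73.122 443 tcp
1685090005.0 CAbcd4 10.0.0.31 50211 83.97.73.122 19062 tcp
"""


def hunt_conn_log(log_text, endpoints):
    """Flag flows to a known C2.  Exact ip:port is high confidence; the same IP
    on another port is still worth a look but is reported as medium."""
    c2_ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0][0].isdigit():
            continue  # skip Zeek header/comment lines
        resp = (f[4], int(f[5]))
        if resp in endpoints:
            conf = "high"
        elif resp[0] in c2_ips:
            conf = "medium"
        else:
            continue
        hits.append({"ts": f[0], "uid": f[1], "src": f[2],
                     "dst": f"{resp[0]}:{resp[1]}", "confidence": conf})
    return hits


# Constructed EDR process-start events; only the first sha256 is real (the
# report's sample hash), the second is a placeholder.
EDR_EVENTS = [
    {"host": "WS-15", "image": r"C:\Users\a\Downloads\01592699.exe",
     "sha256": SAMPLE_HASHES["sha256"]},
    {"host": "WS-22", "image": r"C:\Windows\System32\svchost.exe",
     "sha256": "0" * 64},
]


def hunt_edr(events, hashes):
    """Return events whose sha256 equals the report's sample hash (case-insensitive)."""
    known = hashes["sha256"].lower()
    return [e for e in events if e["sha256"].lower() == known]


if __name__ == "__main__":
    ep = c2_endpoints(EXTRACTED_CONFIGS)
    for hit in hunt_conn_log(CONN_LOG, ep):
        print(hit)
    for ev in hunt_edr(EDR_EVENTS, SAMPLE_HASHES):
        print(ev)
```

Matching on the exact ip:port pair first and falling back to IP-only keeps the high-confidence alert clean while still surfacing the port-rotation case for an analyst to judge.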

Targets

    • Target

      01592699.exe

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the stealer runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the payload is launched again at logon (persistence).

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the step in process hollowing that redirects a suspended process to injected code.
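
The behaviour list above is what a sandbox derives from the sample's API calls. As an added example, not tria.ge's signature engine, the script below maps a constructed, simplified API trace (one JSON object per call) onto the same signature names. The registry paths are the standard Windows locations the signatures refer to; every event in TRACE is constructed. The SetThreadContext rule deliberately requires the full create-suspended / WriteProcessMemory / SetThreadContext / ResumeThread chain on the same child process, so a lone SetThreadContext, as a debugger issues, does not fire.

```python
"""Map a process API trace onto the behaviours listed under Targets.

Added example, not tria.ge's signature engine.  The trace format (one JSON
object per API call) and every event in TRACE are constructed for illustration."""
import json
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# (api regex, field holding the path, path regex, value-name regex or None, signature)
SIMPLE_RULES = [
    (r"^Reg(Query|Open|Get)", "key",
     r"\\Control Panel\\International\\Geo\\Nation$", None,
     "Checks computer location settings"),
    (r"^Reg(Enum|Open|Query)", "key",
     r"\\CurrentVersion\\Uninstall(\\|$)", None,
     "Checks installed software on the system"),
    (r"^RegSetValue", "key",
     r"\\Windows Defender\\Real-Time Protection$", r"^Disable",
     "Modifies Windows Defender Real-time Protection settings"),
    (r"^RegSetValue", "key",
     r"\\CurrentVersion\\Run(Once)?$", None,
     "Adds Run key to start application"),
    (r"^(CreateFile|CopyFile)", "path",
     r"\\(Login Data|Cookies|Web Data|logins\.json)$", None,
     "Reads user/profile data of web browsers"),
]

# Constructed trace.  pid 4120 shows the stealer pattern, pid 5000 is a benign
# debugger-like control case (no CREATE_SUSPENDED, no memory write).
TRACE = r'''
{"pid": 4120, "api": "RegQueryValueExW", "key": "HKCU\\Control Panel\\International\\Geo\\Nation", "value": "Nation"}
{"pid": 4120, "api": "RegEnumKeyExW", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 4120, "api": "RegSetValueExW", "key": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", "value": "DisableRealtimeMonitoring", "data": 1}
{"pid": 4120, "api": "RegSetValueExW", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "updater", "data": "C:\\Users\\a\\AppData\\Local\\Temp\\u.exe"}
{"pid": 4120, "api": "CreateProcessW", "image": "C:\\Windows\\System32\\notepad.exe", "flags": 4, "child_pid": 4388}
{"pid": 4120, "api": "WriteProcessMemory", "target_pid": 4388}
{"pid": 4120, "api": "SetThreadContext", "target_pid": 4388}
{"pid": 4120, "api": "ResumeThread", "target_pid": 4388}
{"pid": 4388, "api": "CreateFileW", "path": "C:\\Users\\a\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 5000, "api": "CreateProcessW", "image": "C:\\tools\\dbg.exe", "flags": 0, "child_pid": 5100}
{"pid": 5000, "api": "SetThreadContext", "target_pid": 5100}
'''


def classify(trace_text):
    """Return {pid: sorted list of signature names} for the given trace."""
    sigs = defaultdict(set)
    suspended = {}   # child pid -> creator pid, for children born suspended
    written = set()  # (creator, child) pairs that received WriteProcessMemory
    ctx_set = set()  # pairs that additionally received SetThreadContext
    for raw in trace_text.strip().splitlines():
        ev = json.loads(raw)
        pid, api = ev["pid"], ev["api"]
        # Stateless registry/file rules.
        for api_re, field, path_re, value_re, sig in SIMPLE_RULES:
            if (re.match(api_re, api)
                    and re.search(path_re, ev.get(field, ""), re.I)
                    and (value_re is None
                         or re.match(value_re, ev.get("value", ""), re.I))):
                sigs[pid].add(sig)
        # Stateful process-hollowing chain on one (creator, child) pair.
        target = ev.get("target_pid")
        if api == "CreateProcessW" and ev.get("flags", 0) & CREATE_SUSPENDED:
            suspended[ev["child_pid"]] = pid
        elif api == "WriteProcessMemory" and suspended.get(target) == pid:
            written.add((pid, target))
        elif api == "SetThreadContext" and (pid, target) in written:
            ctx_set.add((pid, target))
        elif api == "ResumeThread" and (pid, target) in ctx_set:
            sigs[pid].add("Suspicious use of SetThreadContext")
    return {p: sorted(s) for p, s in sigs.items()}


if __name__ == "__main__":
    print(json.dumps(classify(TRACE), indent=1))
```

The registry reads (location and Uninstall enumeration) are only visible in an API-level trace such as a sandbox produces; Sysmon records registry creates, deletes and value writes but not reads, so on a production host only the Defender and Run-key writes from this list would appear in Sysmon Event ID 13.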
