Overview

overview

10

Static

static

10

04808799.exe

windows7-x64

10

04808799.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04808799.dat

  • Size

    172KB

  • Sample

    230606-nqm3zadd58

  • MD5

    571671cf890e153e1f0b0b568530bce3

  • SHA1

    d4c936841eb3bfb8fb81a2f59f0d0650605aa643

  • SHA256

    16ac8981175feef5c310175f874bd7bc25b6b71b1ae9d6f4e0e141118e2cd998

  • SHA512

    84b064199f11d431159218c71bcbfcfc7d9a31718f3034d1cd06ff62c5be7046743ce0dcbcc961a1cde0b59c096afd18e8b7b026897fb06adbd9fcb6d0ed400d

  • SSDEEP

    3072:QBF8QOIKbe97H9rWRxNB2NjrOSHy+8e8hg:q8MVdaHMOSHy+

Score
10/10
redlinemaxidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19048

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      04808799.dat

    • Size

      172KB

    • MD5

      571671cf890e153e1f0b0b568530bce3

    • SHA1

      d4c936841eb3bfb8fb81a2f59f0d0650605aa643

    • SHA256

      16ac8981175feef5c310175f874bd7bc25b6b71b1ae9d6f4e0e141118e2cd998

    • SHA512

      84b064199f11d431159218c71bcbfcfc7d9a31718f3034d1cd06ff62c5be7046743ce0dcbcc961a1cde0b59c096afd18e8b7b026897fb06adbd9fcb6d0ed400d

    • SSDEEP

      3072:QBF8QOIKbe97H9rWRxNB2NjrOSHy+8e8hg:q8MVdaHMOSHy+

    Score
    10/10
    redlinemaxidiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks