Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    338KB

  • Sample

    230606-qlm9aadg86

  • MD5

    499d55cc63357dad9aebaf6a4b517527

  • SHA1

    0a870f2eb8a6346153af2109154bc3e2ecfb56ef

  • SHA256

    00fc3bba8814fea6dd4c9b78ae51876f5e6a213ca7919451253008330160aba2

  • SHA512

    28ade8182a01cef5bb7db381db198c88448ab9c9d4acc50e954f75361c5635efd09b0a508b9ef612813d3d57778302bd08309c4a6712c4c25b730f4658edf87c

  • SSDEEP

    6144:JFQhseNl11nZTIazEg2koS6V3Sc8h0UhEaCM:JiSeNl1zFzEzZ8qUG

Score
10/10
redline@chicagodiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@Chicago

C2

185.81.68.115:2920

Attributes
  • auth_value

    624a75e46c4217bc2cafb7758d1978d9

Targets

    • Target

      file.exe

    • Size

      338KB

    • MD5

      499d55cc63357dad9aebaf6a4b517527

    • SHA1

      0a870f2eb8a6346153af2109154bc3e2ecfb56ef

    • SHA256

      00fc3bba8814fea6dd4c9b78ae51876f5e6a213ca7919451253008330160aba2

    • SHA512

      28ade8182a01cef5bb7db381db198c88448ab9c9d4acc50e954f75361c5635efd09b0a508b9ef612813d3d57778302bd08309c4a6712c4c25b730f4658edf87c

    • SSDEEP

      6144:JFQhseNl11nZTIazEg2koS6V3Sc8h0UhEaCM:JiSeNl1zFzEzZ8qUG

    Score
    10/10
    redline@chicagodiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks