Overview

overview

10

Static

static

3

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Resubmissions

07/06/2023, 15:49

230607-s9s6jsda7s 3

07/06/2023, 15:19

230607-sp6adacg2z 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Setup (PA$S 5577).rar

  • Size

    240KB

  • Sample

    230607-sp6adacg2z

  • MD5

    c5213545f159a6e759bb26b0d8a896bf

  • SHA1

    390f5202a81e4b19847341844b1b8a63502f74ce

  • SHA256

    1299158396c2f5928f04bcaf230d879fe309020b1a59c11ab27ff2ca1424aef2

  • SHA512

    a06cc04af4c9413ee9cc9ce6a08afc68932aeb2534555c63bbeff4131749a4518b1d26dc22368ecf5965ed985a22c1fb166ccd9e775bb4ae13f546780ae307ed

  • SSDEEP

    6144:7FH9B3bnNB/RdmwqfAbMxSzIpS01eGUkiOnigWoWAeji:7PB/ReUMxOacGUkVigWTA/

Score
10/10
redlineinfostealerspyware

Malware Config

Extracted

Family

redline

C2

95.217.14.200:16615

Attributes
  • auth_value

    1bfac947c350008abe813772b735f0fc

Targets

    • Target

      Setup.exe

    • Size

      1023.0MB

    • MD5

      c34763ada7e3f7ee62a1278c75a90bc6

    • SHA1

      c507f38f806b76d265f6b34ca7b99e29990541d2

    • SHA256

      6a5be3b1390562e7ea8786e4282b1058bebe5940c9136ad9df4ec5674f25f445

    • SHA512

      7c5bfcebde336816dadbd25d0c3b16b77cc244f06bf2d61d0d3cf989496be52bc91c1da59d168aa6fb8e147ef64619d798c1265842ad21d562d83c90bd5b4780

    • SSDEEP

      3072:WKDhD5ky4+7yyjPpJlSMDsHs+YNZDxujz4jo0o6RD/tH3pFgqvSjQ4qITpFH8bd:XymJlSMgHs7dxujgRpHjTSjt/TY

    Score
    10/10
    redlineinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks