Overview

overview

10

Static

static

1

n4524297.exe

windows7-x64

10

n4524297.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    n4524297.exe

  • Size

    255KB

  • Sample

    230613-b4865sed57

  • MD5

    5ba02be58f756c893ea27416ca4eb90d

  • SHA1

    ee848cd893e07d967c849e5f8600e246f81c3fc9

  • SHA256

    9e60f719f6c1ae293ad593dc093e5872bc1a7df340a54527e7a1c9186ad66712

  • SHA512

    3c4670a3287531cc762ee270734a1ff967471b0dec146bcb87ddb4c0a80ee696b73ee87795c21f127d93f124972c114ec401677ec9165621c1388202503e97af

  • SSDEEP

    3072:vMiBIHozcM2o5/rmRviNhLI1fbCeOYTpL6GXraZKegBc4054fxvwXZB:vMCI22OmqTMraEeFnqCZB

Score
10/10
redlineborisdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

boris

C2

83.97.73.129:19068

Attributes
  • auth_value

    205e4fccc0f8c7da1d56fb1da4ac5e6a

Targets

    • Target

      n4524297.exe

    • Size

      255KB

    • MD5

      5ba02be58f756c893ea27416ca4eb90d

    • SHA1

      ee848cd893e07d967c849e5f8600e246f81c3fc9

    • SHA256

      9e60f719f6c1ae293ad593dc093e5872bc1a7df340a54527e7a1c9186ad66712

    • SHA512

      3c4670a3287531cc762ee270734a1ff967471b0dec146bcb87ddb4c0a80ee696b73ee87795c21f127d93f124972c114ec401677ec9165621c1388202503e97af

    • SSDEEP

      3072:vMiBIHozcM2o5/rmRviNhLI1fbCeOYTpL6GXraZKegBc4054fxvwXZB:vMCI22OmqTMraEeFnqCZB

    Score
    10/10
    redlineborisdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks