Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    594KB

  • Sample

    230619-h9h1gade6x

  • MD5

    b5ab758095caa295eae0dd07401a944c

  • SHA1

    fea81919a7063d143cd94706ad02940ad57651a5

  • SHA256

    a63139a21058e0e9e39b22c8b293f409d4382a66b6824c2ab89c1172daf16e3e

  • SHA512

    6c602377a36a495bd56c09533310d28654fbf388a04d3f81528ceaa57ea3bff0449db9459e283dc543e3bdf8e9a168f20b5176d9a2e25a343805b3dfc9ba6c08

  • SSDEEP

    12288:L0BaH7DjoFcnpVvRLxVuPb7w2fGBtoEHLH9vzo9t9D:LWaH7foFcnphsPbc2uBtoEHLH9boHx

Score
10/10
redline2infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

2

C2

95.216.249.153:81

Attributes
  • auth_value

    101013a5e99e0857595aae297a11351d

Targets

    • Target

      file.exe

    • Size

      594KB

    • MD5

      b5ab758095caa295eae0dd07401a944c

    • SHA1

      fea81919a7063d143cd94706ad02940ad57651a5

    • SHA256

      a63139a21058e0e9e39b22c8b293f409d4382a66b6824c2ab89c1172daf16e3e

    • SHA512

      6c602377a36a495bd56c09533310d28654fbf388a04d3f81528ceaa57ea3bff0449db9459e283dc543e3bdf8e9a168f20b5176d9a2e25a343805b3dfc9ba6c08

    • SSDEEP

      12288:L0BaH7DjoFcnpVvRLxVuPb7w2fGBtoEHLH9vzo9t9D:LWaH7foFcnphsPbc2uBtoEHLH9boHx

    Score
    10/10
    redline2infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks