General

  • Target

    0f13d26af0c24cabcacba9604bf6862f.bin

  • Size

    17.5MB

  • Sample

    230711-kdvqhaff35

  • MD5

    20e99afd161b3cc669c376e20e6d145b

  • SHA1

    6180c58abf8595a25b2dff866c1f270e39fd20fa

  • SHA256

    bd7d6d2ae300f3d5db230e3921d43d3406a185fb6e0f1a56cc5d985fce1254ce

  • SHA512

    cac957671189f77fceb709ffc587a365ed0b1721748c18cd1ac8d8a4641b24bb7e2861ca3e21ba8776343ee27448190d2849cb001b515952ce498388039b5d2a

  • SSDEEP

    393216:pSI43lTo7PEp3ztcVjrQviysQ5Ta0kub+h2x88IdtbD66Ir76/pLTqwYA9p:pH4lYPiqmnTHjbq2x8pb26P/huav

Malware Config

Extracted

  • Family

    redline

  • Botnet

    KOdiLand-ww

  • C2

    212.113.116.143:23052

  • Attributes

      • auth_value

        32627bd9421e87d5a98e711623905ba2

Targets

    • Target

      0f04e68d258b3edcf493d8453484c8e540a2b4747f1eb761f27f70d03cc7f810.exe

    • Size

      18.0MB

    • MD5

      0f13d26af0c24cabcacba9604bf6862f

    • SHA1

      a533607111d1c8fa8bbc79b95cf6289106b8f2d1

    • SHA256

      0f04e68d258b3edcf493d8453484c8e540a2b4747f1eb761f27f70d03cc7f810

    • SHA512

      f606bc65a6c4b60b16e04724b85d622bfbd59366274c22700dda6a2d357e9aac85bcdbcc30dc00cd1dbaf4c4b881bd404a4d8c0a84bbe96e106f7f529e423671

    • SSDEEP

      393216:0CxRC77E1SF2LumzVbugLjS19kZ+L1FVqXxjvyy:VxRj3um5bC1FVqhjvy

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
