Overview

overview

10

Static

static

3

cb3e380fd7...69.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb3e380fd76299c7f0e36b352705756f3bc8b826f2244647d0e849b64a0fee69

  • Size

    5.4MB

  • Sample

    230712-khe6lsdf2x

  • MD5

    baa6bf9f27d3f62d25203d81dba29652

  • SHA1

    9de6eb304b450e19ac0ddf490e50ba2a78e69fe7

  • SHA256

    cb3e380fd76299c7f0e36b352705756f3bc8b826f2244647d0e849b64a0fee69

  • SHA512

    38f8f7000db573b468f9ed7e7808d3fcdd096c9f866239e3a014270a0d9fdd6ae39ad0160eef5754817cc6828181dc5b50ac71ce4735be249f47deb93f0a51c9

  • SSDEEP

    98304:m43tpINuCfbWcd7Hzk7H07lu4UtbtEh+waQb2vTT6QJN3A87Ptnx:m4P0fSp0k4rUweH6QJ6SPt

Score
10/10
redline2discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

2

C2

65.21.118.109:42825

Attributes
  • auth_value

    94b6263d6b4ea59b523674dfddf3486c

Targets

    • Target

      cb3e380fd76299c7f0e36b352705756f3bc8b826f2244647d0e849b64a0fee69

    • Size

      5.4MB

    • MD5

      baa6bf9f27d3f62d25203d81dba29652

    • SHA1

      9de6eb304b450e19ac0ddf490e50ba2a78e69fe7

    • SHA256

      cb3e380fd76299c7f0e36b352705756f3bc8b826f2244647d0e849b64a0fee69

    • SHA512

      38f8f7000db573b468f9ed7e7808d3fcdd096c9f866239e3a014270a0d9fdd6ae39ad0160eef5754817cc6828181dc5b50ac71ce4735be249f47deb93f0a51c9

    • SSDEEP

      98304:m43tpINuCfbWcd7Hzk7H07lu4UtbtEh+waQb2vTT6QJN3A87Ptnx:m4P0fSp0k4rUweH6QJ6SPt

    Score
    10/10
    redline2discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks