Overview

overview

10

Static

static

1

ebadf0b022...in.exe

windows7-x64

10

ebadf0b022...in.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ebadf0b0222d1fbda47585fee0a067fd.bin.exe

  • Size

    1MB

  • Sample

    230713-hcxglage7x

  • MD5

    ebadf0b0222d1fbda47585fee0a067fd

  • SHA1

    dc8e03f5291d4007a07a5fd7c3930b626ed17cc1

  • SHA256

    a7587381129a99402b9c9a027fe8ccbe57d10323371728b12b7e72435ac668c5

  • SHA512

    052f86fe5d7fbc2b5af68fcf52e738649a71b88fca7c8583c664b7ffb80e4d6ef94178381aae8de17be68be7871532dd01c465d888a663e7b32bd1bb3a3121ed

  • SSDEEP

    12288:DzrKXmGDS7wmLFawxmd4JLuifxmcSdFVhGb3Sn:DnFawx1BdSdPQa

Score
10/10
redline1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

172.190.158.255:33777

Attributes
  • auth_value

    d39fa9fb8831bf1aeaf33fd4e5714257

Targets

    • Target

      ebadf0b0222d1fbda47585fee0a067fd.bin.exe

    • Size

      1MB

    • MD5

      ebadf0b0222d1fbda47585fee0a067fd

    • SHA1

      dc8e03f5291d4007a07a5fd7c3930b626ed17cc1

    • SHA256

      a7587381129a99402b9c9a027fe8ccbe57d10323371728b12b7e72435ac668c5

    • SHA512

      052f86fe5d7fbc2b5af68fcf52e738649a71b88fca7c8583c664b7ffb80e4d6ef94178381aae8de17be68be7871532dd01c465d888a663e7b32bd1bb3a3121ed

    • SSDEEP

      12288:DzrKXmGDS7wmLFawxmd4JLuifxmcSdFVhGb3Sn:DnFawx1BdSdPQa

    Score
    10/10
    redline1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks