Overview

overview

10

Static

static

3

bcd0038db8...71.exe

windows7-x64

10

bcd0038db8...71.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bcd0038db8d8b68deadf2e8e1a506ee8ff33430d757b89219ddbf31e0be64871

  • Size

    267KB

  • Sample

    230726-v3gv2sff7y

  • MD5

    093bbbbe5850b8153a00efa1df20f14e

  • SHA1

    e194e15c5d3cc30c407584cbffccf50e995a2d30

  • SHA256

    2ab70644431fbafabef760b3a4657f50bcb8bba0c77c5f8e5724a439af87416d

  • SHA512

    dd597e96d3f2d172d8014280c655463b500a5adcd41413bf80355adb216d3e730b5baf2e0f1153c2b6aff91890b0d3a27624981ffb93d7eb06d159e221525f52

  • SSDEEP

    6144:5MjnTyletUInFw/5vvZlY2RQs2Q1NS6N3EpuQYJquPqp0h+:onTfUcw/lDRs6S6N0pkquF4

Score
10/10
redline@germanydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      bcd0038db8d8b68deadf2e8e1a506ee8ff33430d757b89219ddbf31e0be64871

    • Size

      443KB

    • MD5

      6d2733f8c4f47a4db525df8ec88be7bf

    • SHA1

      c94a143b9ec4e30092cf309c128cfd5b130b9708

    • SHA256

      bcd0038db8d8b68deadf2e8e1a506ee8ff33430d757b89219ddbf31e0be64871

    • SHA512

      80ff9defe80e0dabcead77e2a7f419b08015aedb9554c0145c61b5c652856acd240b2efc30c64995466dfea90fba1ac990b3f9c5c06ed7f5c71536c35bd02ed7

    • SSDEEP

      6144:L85UtLsfletUInFw15vvZlYiRQS2M1NS6N3a4ajv+HT4:LCUtgaUcw1l5RgmS6NIjmz

    Score
    10/10
    redline@germanydiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks