General

  • Target

    cc2d5267451649cf29cb43fd510aed0aa922d7b830dc5f0aebf99d802b82a768

  • Size

    266KB

  • Sample

    230726-v5damsfa96

  • MD5

    c12a95f5d3c8599437f62b8addef7df7

  • SHA1

    21000cb31ee2561e04bb09f644882c54a38a9f58

  • SHA256

    5532f5542427f30c1577a183290d5cb4ef2303ee50055507fa1a5ee8371c065e

  • SHA512

    d2cbdd9b5275fd349a8a6e0b524952054df2399188985cd2f134089a550f414e98e43d40336ac3fb3ec1ef1803a5db57c0e78509dfc0d727c8e9b80fa281660e

  • SSDEEP

    6144:nwdT/rQCAjCzNW1X8jJ5g9lwqNK3bf2oGHsiiuHip6jGxu690:nSTi1sfUdKTVGHFi790

Malware Config

Extracted

  • Family: redline
  • Botnet: @Germany
  • C2: 194.26.135.162:2920
  • Attributes
      auth_value: 9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      cc2d5267451649cf29cb43fd510aed0aa922d7b830dc5f0aebf99d802b82a768

    • Size

      442KB

    • MD5

      e18dd35afa779d523030d1a38ce6862b

    • SHA1

      7ec4cbb5c3534cb3423fc6248dcabcb6a0e70e97

    • SHA256

      cc2d5267451649cf29cb43fd510aed0aa922d7b830dc5f0aebf99d802b82a768

    • SHA512

      eb1ddabe4448ada8e207224d8d1c2d46af531cd1d348dd2fecd66b57360c40b730116202de4d490a02afcf4ff2ca94c32fe3fa3e2edcad772c2edc2786a7a246

    • SSDEEP

      6144:yJUHLGkhjCzNWlX8jJ5+9lwqNK3Ff2oGhsiiuHiI2jv+HT:8UHKQlsfudKxVGhFi5jmz

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access
      Unsecured Credentials, T1552 (2)
      Credentials In Files, T1552.001 (2)
  • Discovery
      Query Registry, T1012 (1)
  • Collection
      Data from Local System, T1005 (2)
