Overview

overview

10

Static

static

3

NA_680fa23...JC.exe

windows7-x64

10

NA_680fa23...JC.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NA_680fa23ffd5f8185eb50f5493_JC.exe

  • Size

    441KB

  • Sample

    230727-rfvxlsfg4x

  • MD5

    1aaa434406dfe8a9f9832cef05c224f0

  • SHA1

    3394604f1168eb67a2d6b0d151b71d05ce7d79fb

  • SHA256

    680fa23ffd5f8185eb50f54932becc71d2d3b51b39033f853c4ea2e8737e34f0

  • SHA512

    68d65fe676d6f7ef71e01da69d3add76e54ced23939019151eecf7eead609eba22b24278317daeb1131f6162656eb05ebc153981c275c37f10454c43a90f4acb

  • SSDEEP

    6144:qlUgLNFhK7YQ/FJF6MQgyuvckovIwk27Sjv+HT:AUgpFhKcQLF6zLuExDSjmz

Score
10/10
redline@germanydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      NA_680fa23ffd5f8185eb50f5493_JC.exe

    • Size

      441KB

    • MD5

      1aaa434406dfe8a9f9832cef05c224f0

    • SHA1

      3394604f1168eb67a2d6b0d151b71d05ce7d79fb

    • SHA256

      680fa23ffd5f8185eb50f54932becc71d2d3b51b39033f853c4ea2e8737e34f0

    • SHA512

      68d65fe676d6f7ef71e01da69d3add76e54ced23939019151eecf7eead609eba22b24278317daeb1131f6162656eb05ebc153981c275c37f10454c43a90f4acb

    • SSDEEP

      6144:qlUgLNFhK7YQ/FJF6MQgyuvckovIwk27Sjv+HT:AUgpFhKcQLF6zLuExDSjmz

    Score
    10/10
    redline@germanydiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks