Overview

overview

10

Static

static

3

NA_4eae100...JC.exe

windows7-x64

10

NA_4eae100...JC.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NA_4eae100521922e9249c423378_JC.exe

  • Size

    405KB

  • Sample

    230728-tdbgaseg2z

  • MD5

    af5280ef73f52091f8112d89515a4180

  • SHA1

    6ad079df834a88695cd4310527831ba557d83db9

  • SHA256

    4eae100521922e9249c423378708ecc0d393502c68bfc3216dbf75ca0faef949

  • SHA512

    5680a30b22613dfb1046e0a0f50c27beade09cbc8341fd9e46502af2b4756d18e3ade4abf61318dad0d5e2016fff7b8d8c360a41ed0d382a269eff6c13e24fa8

  • SSDEEP

    6144:Vq92ReGXMH3KEpkEuku6mRJZ45yPs2NHBaqCpe0R5H6gFt:NYGXMXKEZutJqisW+/5zF

Score
10/10
redline@germanydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      NA_4eae100521922e9249c423378_JC.exe

    • Size

      405KB

    • MD5

      af5280ef73f52091f8112d89515a4180

    • SHA1

      6ad079df834a88695cd4310527831ba557d83db9

    • SHA256

      4eae100521922e9249c423378708ecc0d393502c68bfc3216dbf75ca0faef949

    • SHA512

      5680a30b22613dfb1046e0a0f50c27beade09cbc8341fd9e46502af2b4756d18e3ade4abf61318dad0d5e2016fff7b8d8c360a41ed0d382a269eff6c13e24fa8

    • SSDEEP

      6144:Vq92ReGXMH3KEpkEuku6mRJZ45yPs2NHBaqCpe0R5H6gFt:NYGXMXKEZutJqisW+/5zF

    Score
    10/10
    redline@germanydiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

4
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks