Overview

overview

10

Static

static

3

NA_6dda6c6...JC.exe

windows7-x64

10

NA_6dda6c6...JC.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NA_6dda6c6e5f927c449bb2e3748_JC.exe

  • Size

    410KB

  • Sample

    230728-tldavseg7v

  • MD5

    82333e8388884ed07a8104b1da402b34

  • SHA1

    b45d4e410abff1ab9fcdd31a3d7778d9f9ad3b18

  • SHA256

    6dda6c6e5f927c449bb2e3748eaa9329aab3c6c3f9f54bbdaf8f49d33f844a56

  • SHA512

    6443c438d2189d49b1affc748325851cfae37335b8b5975ae89c840149a649beafbaeb0dd3476e91ee769b4bf1c896cc1192bce4eb2d9ecced21466affb1c1e3

  • SSDEEP

    3072:GeL7M9/t9Gfz045atvpUYWvyjk7CBOJbQS6w1/h5C/ahaORqmkrhOzM5b9ImJThd:PM9rGfg1tBKSO9uMP83dhOMbSUsvCfP

Score
10/10
redline@germanydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      NA_6dda6c6e5f927c449bb2e3748_JC.exe

    • Size

      410KB

    • MD5

      82333e8388884ed07a8104b1da402b34

    • SHA1

      b45d4e410abff1ab9fcdd31a3d7778d9f9ad3b18

    • SHA256

      6dda6c6e5f927c449bb2e3748eaa9329aab3c6c3f9f54bbdaf8f49d33f844a56

    • SHA512

      6443c438d2189d49b1affc748325851cfae37335b8b5975ae89c840149a649beafbaeb0dd3476e91ee769b4bf1c896cc1192bce4eb2d9ecced21466affb1c1e3

    • SSDEEP

      3072:GeL7M9/t9Gfz045atvpUYWvyjk7CBOJbQS6w1/h5C/ahaORqmkrhOzM5b9ImJThd:PM9rGfg1tBKSO9uMP83dhOMbSUsvCfP

    Score
    10/10
    redline@germanydiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks