Overview

overview

10

Static

static

3

399139bc23...9f.exe

windows7-x64

10

399139bc23...9f.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    232e41e84a20bb12782ce42871850a74.bin

  • Size

    241KB

  • Sample

    230729-bgkv2aad36

  • MD5

    87a19ffcd9f524200326a01dacc82f69

  • SHA1

    ca1311190bc71d33448f72fadf809101fd7a8c3f

  • SHA256

    69abb7cf9269b4e10d9a1bc5a902911381f008b7d3309eedff14feaf713d4e7a

  • SHA512

    5463de3b4f7277a86b7b95f7b71823c205b70c01d6a767c65e49fa08708e27db26c675e7d7d4a6cbbc57c4bc8e9ee96dcfc6a6d28d36007e2a19b8379b388ba3

  • SSDEEP

    6144:O3ckuVfw8P4/oWAvUaF16gX2Cp4gR85dss7rotB:OMHweEhAvCgVp4gR85dsw4

Score
10/10
redline@germanydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      399139bc23966f9509eb7bcc58f880e52df62c293f800d704bff96e0b0e8d09f.exe

    • Size

      411KB

    • MD5

      232e41e84a20bb12782ce42871850a74

    • SHA1

      a1bca700222948b82a8a2006b2bc559e353dea67

    • SHA256

      399139bc23966f9509eb7bcc58f880e52df62c293f800d704bff96e0b0e8d09f

    • SHA512

      3ab41780eea5f7b15e32127464f953df5e40b9c0325099265caac5498fa1879cbcb1ac70b47bad149a4a1f7b5115ce2a9918b5f3e64f971321b263468e09f393

    • SSDEEP

      6144:KFpR4IiisdqhgaYq3lNlx4mGYxymtVYiGLeCevDnoivo:KiIRsdlatlZP5yYnBg

    Score
    10/10
    redline@germanydiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks