Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    636KB

  • Sample

    230816-rkkbnsdb9x

  • MD5

    e063c836d7f625542dbff037e69e5e8a

  • SHA1

    dd8b64d02635b5ff31e88d257777266bad0a9d87

  • SHA256

    e644df9fb12d4f5a7fbbe88089460509153fd88160c35ff155fabf837d632a36

  • SHA512

    b3ec98aa9775ebc5d3d78c5294a2c40d6d9d4af575d2fb0cbb279a7c8ca3324955a93b67c81e53458105c09117bbdb1a372d6a12e79102c97a35e71307a1a4e2

  • SSDEEP

    12288:pIdR/L2wA8UePhz2j01+PDkRGqOBr1gIlC1DM0+c2XZbW03:0L3Afeojhtl1gIlC1DMh20

Score
10/10
redline3infostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

3

C2

101.99.92.59:34511

Attributes
  • auth_value

    aeea794f6d496324144b155850fe9769

Targets

    • Target

      file.exe

    • Size

      636KB

    • MD5

      e063c836d7f625542dbff037e69e5e8a

    • SHA1

      dd8b64d02635b5ff31e88d257777266bad0a9d87

    • SHA256

      e644df9fb12d4f5a7fbbe88089460509153fd88160c35ff155fabf837d632a36

    • SHA512

      b3ec98aa9775ebc5d3d78c5294a2c40d6d9d4af575d2fb0cbb279a7c8ca3324955a93b67c81e53458105c09117bbdb1a372d6a12e79102c97a35e71307a1a4e2

    • SSDEEP

      12288:pIdR/L2wA8UePhz2j01+PDkRGqOBr1gIlC1DM0+c2XZbW03:0L3Afeojhtl1gIlC1DMh20

    Score
    10/10
    redline3infostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks