Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75dd991971cab83f49b214ca6e3dca575395db63514e334f8b0065478af6f077

  • Size

    380KB

  • Sample

    230827-fe56eafe45

  • MD5

    80c339b9cfb70abfcb04639c45ed43cd

  • SHA1

    8528245af0095d13719df2d074783e7e3e3b7b9c

  • SHA256

    75dd991971cab83f49b214ca6e3dca575395db63514e334f8b0065478af6f077

  • SHA512

    4a54f03886aed7af2ff71e7f36e9193194c11ebf1d924922bdb8d5a0b70a73d001db3c263dbb193c188c6fe52070435da2771a6ecdba8310b40f7a5ef7f80c4e

  • SSDEEP

    6144:tlwysXhFhimXpURQ0m0RmFmBylFJAOs5frWRTfbmD8D8SHFGlKUduuQBn:3wymFhimXp6eFzl/ffbE8D8SHYzQBn

Score
10/10
redlineinstallsinfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

installs

C2

162.55.189.218:26952

Attributes
  • auth_value

    4bdfa4191a2826ff2af143a4691bab78

Targets

    • Target

      75dd991971cab83f49b214ca6e3dca575395db63514e334f8b0065478af6f077

    • Size

      380KB

    • MD5

      80c339b9cfb70abfcb04639c45ed43cd

    • SHA1

      8528245af0095d13719df2d074783e7e3e3b7b9c

    • SHA256

      75dd991971cab83f49b214ca6e3dca575395db63514e334f8b0065478af6f077

    • SHA512

      4a54f03886aed7af2ff71e7f36e9193194c11ebf1d924922bdb8d5a0b70a73d001db3c263dbb193c188c6fe52070435da2771a6ecdba8310b40f7a5ef7f80c4e

    • SSDEEP

      6144:tlwysXhFhimXpURQ0m0RmFmBylFJAOs5frWRTfbmD8D8SHFGlKUduuQBn:3wymFhimXp6eFzl/ffbE8D8SHYzQBn

    Score
    10/10
    redlineinstallsinfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks