Overview

overview

10

Static

static

10

3f6bc8ef30...b0.exe

windows7-x64

10

3f6bc8ef30...b0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f6bc8ef3023fe1aa3956e6134af78b0.exe

  • Size

    25MB

  • Sample

    230828-e2hsysff49

  • MD5

    3f6bc8ef3023fe1aa3956e6134af78b0

  • SHA1

    b68650330210096ce8f94586dd4741babae0819a

  • SHA256

    fc6f534c0c0bd66d8973712b52ae241b3503a942645e18ee72e551b977eaabca

  • SHA512

    3ba9c96d87e2b4e69aa575f6b276994cb1f1ee3caaafcfb942be4f46f23cd5042fed9bf24d59733513f9c259aa045a134a4e8b257ece4e1acd994150b24dd2bd

  • SSDEEP

    393216:MdXQyvh0Xtz9jakSW0bbVCX9rmOE1cnHD:UXPh0tzHSAX9rTEan

Score
10/10
redline1infostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

135.181.226.131:13769

Attributes
  • auth_value

    b7f3e468519a96db8237957d5c343c66

Targets

    • Target

      3f6bc8ef3023fe1aa3956e6134af78b0.exe

    • Size

      25MB

    • MD5

      3f6bc8ef3023fe1aa3956e6134af78b0

    • SHA1

      b68650330210096ce8f94586dd4741babae0819a

    • SHA256

      fc6f534c0c0bd66d8973712b52ae241b3503a942645e18ee72e551b977eaabca

    • SHA512

      3ba9c96d87e2b4e69aa575f6b276994cb1f1ee3caaafcfb942be4f46f23cd5042fed9bf24d59733513f9c259aa045a134a4e8b257ece4e1acd994150b24dd2bd

    • SSDEEP

      393216:MdXQyvh0Xtz9jakSW0bbVCX9rmOE1cnHD:UXPh0tzHSAX9rTEan

    Score
    10/10
    redline1infostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks