Overview

overview

10

Static

static

1

installmen....bat

windows7-x64

7

installmen....bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e0f0449aae4dc117e34517e8c83fd49faf2b379dc4f2fd35ff291dd5003864e2

  • Size

    294KB

  • Sample

    230917-wzgasaef72

  • MD5

    8248867e6d42d41cfdea624f87e14fa6

  • SHA1

    444a2609c5bf9d45799565f48615ca21a969782c

  • SHA256

    e0f0449aae4dc117e34517e8c83fd49faf2b379dc4f2fd35ff291dd5003864e2

  • SHA512

    176355e209719b340e05940dc1f1d0d522364404d6291f11e3f4a16ff3d50ad4ff26352bca5c578da89063635aa31c997633a92d331ce62a83bcf85f211c6a3e

  • SSDEEP

    6144:4C2qrKCjCFYQs7CyYblxUuSQsJ11rb3V7NSgE3Y22z/KOK0De:4CrKCjCFYfYcuSQYrJMx3YVzyOK0y

Score
10/10
redline1a1discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

A1

C2

80.85.152.191:27465

Attributes
  • auth_value

    a131e3b093780cde0c92d305bfc047cd

Extracted

Family

redline

Botnet

1

C2

192.248.145.110:2206

Attributes
  • auth_value

    ab3016ff00d136f88ba093ed5c03f62c

Targets

    • Target

      installment-papers-𝘱𝘥𝘧.bat

    • Size

      393KB

    • MD5

      b4c53eb42fac3e0c8770a4704171cfb6

    • SHA1

      84d6767c85019aebb3a69f7e91122b849a7920d4

    • SHA256

      f4f093e1c950a233464a6a17a2040630c9e4f69b282f4a34510b3de35d5723b0

    • SHA512

      28ce60729339301a9d2f2795bce4624480e9704102944d55efaff0e8a6c2448d83809e397fa4385304fc7d7f21041dee45614dddfcdb088c27289d75d1082b30

    • SSDEEP

      12288:BC2EeON/+rF+B2Oifb0FfNGIklldsk2zdoBgT0eOTXzRlQk:Bi4Y2nfwHklldskOdsd5lQk

    Score
    10/10
    redline1a1discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks