Overview

overview

10

Static

static

1

CF7.bin.exe

windows7-x64

10

CF7.bin.exe

windows10-2004-x64

10

Resubmissions

21-09-2023 15:56

230921-tdmjkabb74 10

21-09-2023 15:51

230921-tagtxahb6w 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CF7.bin.exe

  • Size

    1.3MB

  • Sample

    230921-tagtxahb6w

  • MD5

    6f5c6ab6bef8193955686e12cadc0ae3

  • SHA1

    8b4ceb8063879eccf29ab04944753eab20f8c328

  • SHA256

    18195648d7dd6e5654785f57dd595f8a6de963571018aea172fe5b4d2b2a9fda

  • SHA512

    4a23b6633aa91916300ef3f5eb97a14a1e31e119148049a1310cab80addc634c281d617cc9ef5d09624a2e291134b502cadcd80896a394098c42c334c5365df7

  • SSDEEP

    24576:BsnoYufskYrupjowDYTCGFQXdKUmMHjjnpwWDf:Bs5RDwoKPGEdKUHjNwW7

Score
10/10
redlineinfostealerpersistencespyware

Malware Config

Targets

    • Target

      CF7.bin.exe

    • Size

      1.3MB

    • MD5

      6f5c6ab6bef8193955686e12cadc0ae3

    • SHA1

      8b4ceb8063879eccf29ab04944753eab20f8c328

    • SHA256

      18195648d7dd6e5654785f57dd595f8a6de963571018aea172fe5b4d2b2a9fda

    • SHA512

      4a23b6633aa91916300ef3f5eb97a14a1e31e119148049a1310cab80addc634c281d617cc9ef5d09624a2e291134b502cadcd80896a394098c42c334c5365df7

    • SSDEEP

      24576:BsnoYufskYrupjowDYTCGFQXdKUmMHjjnpwWDf:Bs5RDwoKPGEdKUHjNwW7

    Score
    10/10
    redlineinfostealerpersistencespyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks