General

  • Target

    tmp

  • Size

    6.0MB

  • Sample

    231002-hgykfshe44

  • MD5

    dc877ed865bb462a6bb004748615f239

  • SHA1

    e5eb1dc3e67d32f763bbc7ba070884d3a5c3d6e4

  • SHA256

    e30bd29b3bdad81a876a1194e5977f2edb22ebccf4dab80e370bde4b30141182

  • SHA512

    dd048060603f9c41186a230c5416b73b1c4a69df7fda78fe42f9541ced5241827fd944ae140129907f095411a1c253e3feb459955c2d82c905ce76fb050b2ae6

  • SSDEEP

    98304:5gGuaMnE1D20QE88H0jNN1yBCbkssKMr6agw2JpZjUzZ6Or8KYN1/:5RuPO5Qm0j/XjkCXwz8h

Score
10/10

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks