General

  • Target

    dc6d5bd8f0c5781801301c209a03004c1d7309335238355bcc31c5ad5f3ae83f

  • Size

    937KB

  • Sample

    231012-el5msaff92

  • MD5

    5466d6e8f7e190b0db624958b4844b7c

  • SHA1

    e576c4888e5a290f3aa33316000a38cfb92e94b2

  • SHA256

    dc6d5bd8f0c5781801301c209a03004c1d7309335238355bcc31c5ad5f3ae83f

  • SHA512

    0406528fe4370dc8de9cf6ac81f46376542470a14d36154ac3e387325bca14043481e7998f241162ae2b63c7dcc872052d5ffbaf8cb03c399b6e8efa6fb4e36e

  • SSDEEP

    24576:LybIieayuBpxxQ5UhhimHTY/9BGL5IBNUL+Pi5MSEbC9HnHE8k:+buMrxlhZHs/iL5IBNhPEu2

Malware Config

Extracted

  • Family

    redline

  • Botnet

    tuxiu

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: 29610cdad07e7187eec70685a04b89fe

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks