General

  • Target: cbd401468253a8b9e9f335b9f23c251c05c3a47eaa229a157559a16d33d2e93a
  • Size: 1.0MB
  • Sample: 231012-fnlhcsgf6x
  • MD5: 5bea432079dad8cfe031acf040e7a995
  • SHA1: 179c49408b68c57b7f8b3e394aedb25238ab1533
  • SHA256: cbd401468253a8b9e9f335b9f23c251c05c3a47eaa229a157559a16d33d2e93a
  • SHA512: bcd8cccc91a517b8647625f95a50576864cac30d91f9d359422ec800aad833ec242d419c6827ccc17a9d26b85a0bd2db9b8eab17a5b00520a4a65f564be0a71a
  • SSDEEP: 24576:HyuSR54Fwj6xtr6vqpVHvno2rtMRb/bj5H/TtzrY8:Sus5Ewj6xwvUVHvyBZ/Tt3Y

Malware Config

Extracted

  • Family: redline
  • Botnet: tuxiu
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: 29610cdad07e7187eec70685a04b89fe

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
