Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    356KB

  • Sample

    231016-t2rs7acc43

  • MD5

    a7b2991e84f8c088b8fa27c712c17ec1

  • SHA1

    125d3f34784555126a40f10eaeade212a1e66b97

  • SHA256

    9f5bccdc67b8653e13dee925d7c528b32f185a0f228be10abeeb5fc145d34675

  • SHA512

    fdb6aba35f74af8af50c2d85dcda08274b37ffbf3247c3b1e7ff749bf013bf070f7d11686f55d4013080b64e416cd623597883384982b4d3834cd163b7cffc41

  • SSDEEP

    6144:QLl540SK5sQiM+2T5cKuCYSE4K94msk5kdqD4r3iJj:iz40BiMjWYK9Uk14r3iJj

Score
10/10
redlinebuild285infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

build285

C2

194.169.175.232:45451

Targets

    • Target

      tmp

    • Size

      356KB

    • MD5

      a7b2991e84f8c088b8fa27c712c17ec1

    • SHA1

      125d3f34784555126a40f10eaeade212a1e66b97

    • SHA256

      9f5bccdc67b8653e13dee925d7c528b32f185a0f228be10abeeb5fc145d34675

    • SHA512

      fdb6aba35f74af8af50c2d85dcda08274b37ffbf3247c3b1e7ff749bf013bf070f7d11686f55d4013080b64e416cd623597883384982b4d3834cd163b7cffc41

    • SSDEEP

      6144:QLl540SK5sQiM+2T5cKuCYSE4K94msk5kdqD4r3iJj:iz40BiMjWYK9Uk14r3iJj

    Score
    10/10
    redlinebuild285infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks