Overview

overview

10

Static

static

3

0a2c8bc6c8...11.exe

windows7-x64

10

0a2c8bc6c8...11.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0a2c8bc6c80293890c5f759276ff6a11.exe

  • Size

    1.7MB

  • Sample

    231024-h6n3badb65

  • MD5

    0a2c8bc6c80293890c5f759276ff6a11

  • SHA1

    d488442bce8e1c2ac2247e98c14ca2db4385800f

  • SHA256

    52bd35e92b25fa394ef3811f27f4d1bc260d51b515d9fea78fed85efc885fb7e

  • SHA512

    b21322d0ed09db70dc83697cc1cb9198ca8b39aeead50826677b73a11fe287cd00c05ca946b7d4fb9758c4de41300a451cfa23c711789a021de3b5cb95377143

  • SSDEEP

    49152:rt4e/b1mFUqWFs90qo1G2yXziO9buIlLk:aeTAFp+1WXzb5k

Score
10/10
redlinekinzainfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

    • Target

      0a2c8bc6c80293890c5f759276ff6a11.exe

    • Size

      1.7MB

    • MD5

      0a2c8bc6c80293890c5f759276ff6a11

    • SHA1

      d488442bce8e1c2ac2247e98c14ca2db4385800f

    • SHA256

      52bd35e92b25fa394ef3811f27f4d1bc260d51b515d9fea78fed85efc885fb7e

    • SHA512

      b21322d0ed09db70dc83697cc1cb9198ca8b39aeead50826677b73a11fe287cd00c05ca946b7d4fb9758c4de41300a451cfa23c711789a021de3b5cb95377143

    • SSDEEP

      49152:rt4e/b1mFUqWFs90qo1G2yXziO9buIlLk:aeTAFp+1WXzb5k

    Score
    10/10
    redlinekinzainfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks