Overview

overview

10

Static

static

3

05d00a8fe7...c0.exe

windows7-x64

10

05d00a8fe7...c0.exe

windows10-1703-x64

10

05d00a8fe7...c0.exe

windows10-2004-x64

10

Resubmissions

07-11-2023 17:52

231107-wf7nmacf6s 10

06-05-2023 22:41

230506-2l4rtadd95 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05d00a8fe7a135a76e633e780fe166690fbc24c81b7e92147d4720132883bcc0.bin

  • Size

    1.5MB

  • Sample

    231107-wf7nmacf6s

  • MD5

    213724da16f36242e50dafa7d142bba0

  • SHA1

    2172e5e403c1fbacb444d555acd2dbdd597e7a4b

  • SHA256

    05d00a8fe7a135a76e633e780fe166690fbc24c81b7e92147d4720132883bcc0

  • SHA512

    dc47b66d3ed3f1bf322b693396094ae5f2d223fb1c49c947dbe13b618447536da865dcdd1627086936e6918cb10d1f9e8a2cd44a22f3dfc268e8a258cde3a9d4

  • SSDEEP

    24576:TyGku0Brki1KmZHmQW6fkS1gXSspfpFYrusyKelLQCnoH4cHvMi1wxZA7BIwnhpU:mNQjQWxOm9pfvnP5QCnq/PhwxZA95n

Score
10/10
redlinemostinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes
  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      05d00a8fe7a135a76e633e780fe166690fbc24c81b7e92147d4720132883bcc0.bin

    • Size

      1.5MB

    • MD5

      213724da16f36242e50dafa7d142bba0

    • SHA1

      2172e5e403c1fbacb444d555acd2dbdd597e7a4b

    • SHA256

      05d00a8fe7a135a76e633e780fe166690fbc24c81b7e92147d4720132883bcc0

    • SHA512

      dc47b66d3ed3f1bf322b693396094ae5f2d223fb1c49c947dbe13b618447536da865dcdd1627086936e6918cb10d1f9e8a2cd44a22f3dfc268e8a258cde3a9d4

    • SSDEEP

      24576:TyGku0Brki1KmZHmQW6fkS1gXSspfpFYrusyKelLQCnoH4cHvMi1wxZA7BIwnhpU:mNQjQWxOm9pfvnP5QCnq/PhwxZA95n

    Score
    10/10
    redlinemostinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks