General

  • Target

    e4a94d95c0af5a7082f90904e577ab04.bin

  • Size

    2.4MB

  • Sample

    240104-cfxc4sehar

  • MD5

    e6a0594d4a40f1932d393224e7b93e61

  • SHA1

    a0a60e0d3e276e90c5c759ddb30ed04c724ac013

  • SHA256

    6f968602f98f3ba702beb27c117e7ea2824517006d01234d8b216055e1f29273

  • SHA512

    881748200d7d1b0956abe207ffd20bf0b1a74a5a16f2b5d9c08dc8936e09d8d64d9fce42c7af4aab5e4a09ac3f037b8ff602df54eb3bf3cefd3b4c83f002ff06

  • SSDEEP

    49152:tVF+ZWAGBI5T+UD4QCgMy98fKTb+ChCY68rVh0LQHVq9RQgvv0GXjxXpdRCc:vF+ZWzBkne5y92mHCkBmLpQg0KjxZdoc

Malware Config

Extracted

Family

redline

Botnet

777

C2

195.20.16.103:20440
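The extracted config above gives the two indicators worth hunting for on an estate: the file hashes of the archive and the dropped executable, and the RedLine C2 endpoint 195.20.16.103:20440. The script below is an added example, not part of the sandbox report, that matches those indicators against host telemetry. The log format (key=value lines with `event`, `image`, `sha256`/`md5`, `dst_ip`, `dst_port` fields) and all log lines are constructed for the example; the hashes and C2 address are taken from the report. A connection to the C2 host on a different port is reported at lower confidence rather than dropped, since stealer operators rotate ports while keeping the host.

```python
"""Hunt for this report's RedLine indicators in key=value host logs.

Added example, not part of the sandbox report. The log format and the
sample log lines are constructed; hashes and the C2 come from the report.
"""
import re
from typing import Dict, List

# Indicators from the report: the submitted archive and the dropped .exe.
FILE_HASHES = {
    "sha256": {
        "6f968602f98f3ba702beb27c117e7ea2824517006d01234d8b216055e1f29273",
        "124d756a655a6c4338f61ec8f43551dce23078e04d51ca4c03ca34f5df66af27",
    },
    "md5": {
        "e6a0594d4a40f1932d393224e7b93e61",
        "e4a94d95c0af5a7082f90904e577ab04",
    },
}
# Extracted RedLine C2 (botnet "777").
C2_IP = "195.20.16.103"
C2_PORT = 20440

# Constructed telemetry in a hypothetical key=value format (raw string so the
# Windows paths keep their backslashes).
SAMPLE_LOG = r"""
ts=2024-01-04T10:00:01Z event=process_create image=C:\Users\u\Downloads\setup.exe sha256=124d756a655a6c4338f61ec8f43551dce23078e04d51ca4c03ca34f5df66af27
ts=2024-01-04T10:00:02Z event=network_connect image=C:\Users\u\Downloads\setup.exe dst_ip=195.20.16.103 dst_port=20440 proto=tcp
ts=2024-01-04T10:00:03Z event=network_connect image=C:\Windows\System32\svchost.exe dst_ip=195.20.16.103 dst_port=443 proto=tcp
ts=2024-01-04T10:00:04Z event=process_create image=C:\Windows\notepad.exe sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line: str) -> Dict[str, str]:
    """Parse one key=value log line (values may be double-quoted) into a dict."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def classify(fields: Dict[str, str]) -> List[dict]:
    """Return the indicator hits for one parsed log record."""
    hits: List[dict] = []
    # Hash matches: normalise case, since tooling disagrees on hex casing.
    for algo, known in FILE_HASHES.items():
        value = fields.get(algo, "").lower()
        if value and value in known:
            hits.append({"indicator": f"file_{algo}", "value": value, "confidence": "high"})
    # C2 matches: exact ip:port is a confirmed hit, same host on another port is
    # flagged for review (port rotation or shared hosting are both plausible).
    if fields.get("event") == "network_connect" and fields.get("dst_ip") == C2_IP:
        port = int(fields.get("dst_port", "0"))
        if port == C2_PORT:
            hits.append({"indicator": "c2_endpoint", "value": f"{C2_IP}:{port}", "confidence": "high"})
        else:
            hits.append({"indicator": "c2_ip_other_port", "value": f"{C2_IP}:{port}", "confidence": "medium"})
    return hits


def scan(log_text: str) -> List[dict]:
    """Scan a whole log, attaching timestamp and process image to each hit."""
    results: List[dict] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_kv(line)
        for hit in classify(fields):
            hit["ts"] = fields.get("ts", "")
            hit["image"] = fields.get("image", "")
            results.append(hit)
    return results


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Run against the constructed log it yields three hits: the dropped executable by SHA-256, the confirmed C2 connection from that executable, and a medium-confidence note for svchost.exe talking to the C2 host on 443. Hash hits only catch this exact build; the C2 address is the indicator that survives repacking, so it is the one to put on the network sensor.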

Targets

    • Target

      124d756a655a6c4338f61ec8f43551dce23078e04d51ca4c03ca34f5df66af27.exe

    • Size

      2.5MB

    • MD5

      e4a94d95c0af5a7082f90904e577ab04

    • SHA1

      b2c6961b3f7e3c5fe0fe86743a3360633ab2c200

    • SHA256

      124d756a655a6c4338f61ec8f43551dce23078e04d51ca4c03ca34f5df66af27

    • SHA512

      3158b5f2e80e2bf1312e88cf43e1754068f0a28f620cbf09e1945e820796aadc39bf0dca04ea7d150aa167aa1bd08945980d6cc5602ac6593e9fd08ec6b9c44d

    • SSDEEP

      49152:hAcs6KxDps2x208AjgcbniYA5Ml2CgUBe+82POGAPmtnDguqFfzBk:OdtstrAjgcbiYx2rAZWJ4Uuq9+

    • RedLine

      RedLine Stealer is a commodity information stealer written in C#, first seen in early 2020.

    • RedLine payload

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic, then technique (ATT&CK ID) with the number of matched behaviours; a technique that maps to several tactics is listed under each of them.

  • Execution

    Scheduled Task/Job (T1053): 1

  • Persistence

    Create or Modify System Process (T1543): 1
      Windows Service (T1543.003): 1
    Boot or Logon Autostart Execution (T1547): 1
      Registry Run Keys / Startup Folder (T1547.001): 1
    Scheduled Task/Job (T1053): 1

  • Privilege Escalation

    Create or Modify System Process (T1543): 1
      Windows Service (T1543.003): 1
    Boot or Logon Autostart Execution (T1547): 1
      Registry Run Keys / Startup Folder (T1547.001): 1
    Scheduled Task/Job (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

  • Command and Control

    Web Service (T1102): 1

Tasks