Overview

overview

10

Static

static

3

99d89255c6...9b.exe

windows7-x64

10

99d89255c6...9b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b

  • Size

    4.7MB

  • Sample

    240402-xnhj5sae3w

  • MD5

    8b3875ea54679f894f697a683dae6f91

  • SHA1

    bf8f74381267c43b744a714b70e6040ac3b49f3f

  • SHA256

    99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b

  • SHA512

    13fb46763ee136fe079086e77a9e52ceb9eb301387106ab8ac3c0f7f1b84770c5b244592d75fdbd245e898c94d50970a5390ff84177778cf94c5211ef33687ad

  • SSDEEP

    98304:xdOz+y7nMS9h6mvDdPfTLniKdzOJDb4v+:xM6ypZPLLBwN0v+

Score
10/10
redline1infostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

1

C2

77.221.156.45:18734

Targets

    • Target

      99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b

    • Size

      4.7MB

    • MD5

      8b3875ea54679f894f697a683dae6f91

    • SHA1

      bf8f74381267c43b744a714b70e6040ac3b49f3f

    • SHA256

      99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b

    • SHA512

      13fb46763ee136fe079086e77a9e52ceb9eb301387106ab8ac3c0f7f1b84770c5b244592d75fdbd245e898c94d50970a5390ff84177778cf94c5211ef33687ad

    • SSDEEP

      98304:xdOz+y7nMS9h6mvDdPfTLniKdzOJDb4v+:xM6ypZPLLBwN0v+

    Score
    10/10
    redline1infostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks