General

  • Target

    085f06b14ffef066d5a8acc5995e82f0.exe

  • Size

    304KB

  • Sample

    240423-jvqmfaeg41

  • MD5

    085f06b14ffef066d5a8acc5995e82f0

  • SHA1

    42afb72c4f5d73b7af151d90e59de9cc235e87b5

  • SHA256

    92afa7a9c3f0dceaaba64f46bee7623f43c94fa04dc56c8704f9f82f2054e453

  • SHA512

    dafee8b090d3c6449ab0b41dabbb9d5c421f2e0e5f72ea6d7eba5ade2f69124c1f6c204dbb40e022db9b5071e2fd84cafaefef5d15261975d1a6dce53af49def

  • SSDEEP

    3072:gq6EgY6i2rUjeLTeHwP+ChTQ4E1WPSmbTAwtASiSkcZqf7D34FeqiOLibBO9:jqY6i4MwPXT5EIS6TAsAskcZqf7DIPL

Malware Config

Extracted

  • Family

    redline

  • Botnet

    20

  • C2

    91.92.241.122:39361

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Subvert Trust Controls, T1553: 1
    Install Root Certificate, T1553.004: 1
    Modify Registry, T1112: 1

  • Credential Access

    Unsecured Credentials, T1552: 2
    Credentials In Files, T1552.001: 2

  • Discovery

    Query Registry, T1012: 1
    System Information Discovery, T1082: 1

  • Collection

    Data from Local System, T1005: 2

Tasks