Overview

overview

10

Static

static

10

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d

  • Size

    306KB

  • Sample

    240424-stkjgacd44

  • MD5

    12b6d7ac92d3766d238212b9b2e41a23

  • SHA1

    aae8ddffd81c9d7b663dbe4e4d6c4efc5a749b68

  • SHA256

    27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d

  • SHA512

    f37af19ed10eb18a5c6d1dbbd6f446b3383e06be2bba0ffaf766546473148ff5b8a06c1c2cd3e3d269d7c4045e84fe50d6575efb64104ef361b9526ce15c9b7e

  • SSDEEP

    6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score
10/10
redlinespooinfostealer

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

    • Target

      27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d

    • Size

      306KB

    • MD5

      12b6d7ac92d3766d238212b9b2e41a23

    • SHA1

      aae8ddffd81c9d7b663dbe4e4d6c4efc5a749b68

    • SHA256

      27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d

    • SHA512

      f37af19ed10eb18a5c6d1dbbd6f446b3383e06be2bba0ffaf766546473148ff5b8a06c1c2cd3e3d269d7c4045e84fe50d6575efb64104ef361b9526ce15c9b7e

    • SSDEEP

      6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

    Score
    10/10
    redlinespooinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks