Overview

overview

10

Static

static

3

5bb60b2343...be.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5bb60b23436c08afdd8a63e1d850cb1088a324801cb5c9df376ec77d94e7fabe

  • Size

    1.5MB

  • Sample

    240501-12ft9ahb7x

  • MD5

    859dcc7c4c34d07895e38361d95dd45d

  • SHA1

    e8f9b0822191ead93728a95bac56e05233b5a033

  • SHA256

    5bb60b23436c08afdd8a63e1d850cb1088a324801cb5c9df376ec77d94e7fabe

  • SHA512

    a7565da97fc7a868ec4f6dd07bea6961f366a15de0cd2619d80e2ff0c1b9c334076f1fc4e7317212e98344fca001ade21cd9889c5208bc6a28179da9ff25f1e3

  • SSDEEP

    24576:oyWSwJ/NDfYh4mi85jlskYiMUF2tLJIE2ol1WbTqn6lgqFu7q:vWSiNDfY2mi8NarOF6qhGZ6uIu7

Score
10/10
redlinemostinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes
  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      5bb60b23436c08afdd8a63e1d850cb1088a324801cb5c9df376ec77d94e7fabe

    • Size

      1.5MB

    • MD5

      859dcc7c4c34d07895e38361d95dd45d

    • SHA1

      e8f9b0822191ead93728a95bac56e05233b5a033

    • SHA256

      5bb60b23436c08afdd8a63e1d850cb1088a324801cb5c9df376ec77d94e7fabe

    • SHA512

      a7565da97fc7a868ec4f6dd07bea6961f366a15de0cd2619d80e2ff0c1b9c334076f1fc4e7317212e98344fca001ade21cd9889c5208bc6a28179da9ff25f1e3

    • SSDEEP

      24576:oyWSwJ/NDfYh4mi85jlskYiMUF2tLJIE2ol1WbTqn6lgqFu7q:vWSiNDfY2mi8NarOF6qhGZ6uIu7

    Score
    10/10
    redlinemostinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Detects executables packed with ConfuserEx Mod

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks