Overview

overview

10

Static

static

3

220f464b76...f3.exe

windows10-2004-x64

10

2743aa58ac...22.exe

windows7-x64

3

2743aa58ac...22.exe

windows10-2004-x64

10

2ce9158850...93.exe

windows10-2004-x64

10

2d1e7e578c...8f.exe

windows7-x64

3

2d1e7e578c...8f.exe

windows10-2004-x64

10

6a183f77b9...7d.exe

windows10-2004-x64

10

7727481721...74.exe

windows7-x64

3

7727481721...74.exe

windows10-2004-x64

10

951f93d281...f8.exe

windows7-x64

3

951f93d281...f8.exe

windows10-2004-x64

10

9bba18a180...52.exe

windows10-2004-x64

10

a467111c1a...4b.exe

windows10-2004-x64

10

b6b30a924e...0b.exe

windows10-2004-x64

10

bdacff51fa...2b.exe

windows10-2004-x64

10

c37c4fe673...eb.exe

windows10-2004-x64

10

d0f3f32b61...38.exe

windows7-x64

3

d0f3f32b61...38.exe

windows10-2004-x64

10

d353176614...e5.exe

windows10-2004-x64

10

d49811a818...06.exe

windows7-x64

3

d49811a818...06.exe

windows10-2004-x64

10

db044599ba...af.exe

windows7-x64

3

db044599ba...af.exe

windows10-2004-x64

10

e3c9a1721d...3b.exe

windows10-2004-x64

10

ea47879989...93.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    red2.zip

  • Size

    7.7MB

  • Sample

    240513-l1zhmshd5t

  • MD5

    44465972d0d5a4acfa91fd15910c8636

  • SHA1

    36b7bdb40022d666a7f89f07a2b0c2fcef92d85b

  • SHA256

    fc0a70936e6485ae0ce312ce6ff394d0d21759de4bc9ea9b5e01544d951535c2

  • SHA512

    c9b14ca7673a86017a7430c2a3bf58f056aa5507e5424deb138e51a01249fd2f341d656613e140d8b4adcaf7ae853dc44b8bd2068c198798f203a04def63d3c3

  • SSDEEP

    196608:+E1aHTUbQm+sQj06e+0gQhEvFEvkxl0o65U38qaCJObOKgpa2gwqlWvP:+EEpm+zJeTgQ7k70o0qaCJZjmy

Score
10/10
privateloaderredlineriseprostealczgrat519555252953459874207001210066@qwerabusedebromixadiscoveryevasioninfostealerloaderpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Extracted

Family

stealc

C2

http://147.45.47.71

Attributes
  • url_path

    /eb6f29c6a60b3865.php

Extracted

Family

redline

Botnet

debro

C2

185.161.248.75:4132

Attributes
  • auth_value

    18c2c191aebfde5d1787ec8d805a01a8

Extracted

Family

redline

Botnet

@qwerabuse

C2

45.15.156.167:80

Extracted

Family

redline

Botnet

7001210066

C2

https://pastebin.com/raw/NgsUAPya

Extracted

Family

risepro

C2

194.49.94.152

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/NgsUAPya

https://pastebin.com/raw/KE5Mft0T

Extracted

Family

redline

Botnet

5195552529

C2

https://pastebin.com/raw/NgsUAPya

Targets

    • Target

      220f464b76f6cb53d1ee73c2d90b0ada5c8cc5d2a80bd9d4fed4a544d73721f3

    • Size

      316KB

    • MD5

      360ffdb3ec16d9d16ead7a7ca87eed0c

    • SHA1

      570cbea4e7c59443a5545c07452bf7dca921ca9d

    • SHA256

      220f464b76f6cb53d1ee73c2d90b0ada5c8cc5d2a80bd9d4fed4a544d73721f3

    • SHA512

      bfe1d93d43acb599049ba62ac30143eac25942b507c3f9231fc3e05fa0d7810149b6af53c6e68437a3df32e5624367d72b0149f0e1872766992f66d9a8724ee0

    • SSDEEP

      6144:Kvy+bnr+ep0yN90QEY6vZrMgXGma0+qSNF1liJHpOZvA0:lMr6y90amNRGfNMpJ0

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

    • Target

      2743aa58ac87e72c969f8baff90a46df51144db6b46e42137bec8f8ffe030422

    • Size

      208KB

    • MD5

      3939a18c836b8e41a6f4e358002de48d

    • SHA1

      13750e204ac84b63fd447cb28f42b8ac8e25033d

    • SHA256

      2743aa58ac87e72c969f8baff90a46df51144db6b46e42137bec8f8ffe030422

    • SHA512

      ab203e30ee850fbb4a3fdae2dda8769597ec96729578f55e61c1fe89e31de23c86f9ae1ca7904a9c5c53dc2c3c3d30096f2da0a220ab2838e923926faf1d7f1f

    • SSDEEP

      3072:KUszX+YhFJOIwz9jnJTvT8GiJIl1yVuTolD3oc+DVWGQ+BsQEp6svwqJSo6BLMs/:TiOYfJDk998JIXygbHXQ+BsQvsv4espF

    Score
    10/10
    redline5345987420discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral2behavioral3

    • Target

      2ce9158850627f9719e666b3f93a1508443159828dcc0aab91110d608c67b893

    • Size

      488KB

    • MD5

      e497999210c7a29f76267bf656a8d5a8

    • SHA1

      179871c4f25eab45c4590d4392f43109b0436dba

    • SHA256

      2ce9158850627f9719e666b3f93a1508443159828dcc0aab91110d608c67b893

    • SHA512

      9518cf7b92a4b4b56632437bb45950a9e529fe75e2749e404fdf0eb234e462752c3592b59063c511ab4630dbd9238cf8dc8ae94f53d77e9d8cd6e5364e9f88f3

    • SSDEEP

      12288:7Mr6y90Pn98+bCRM+vppKT9t4flMp1NPBL:dyAHCtjBfcrPp

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral4

    • Target

      2d1e7e578c80b8d8058a776542e88f81546a3603e80751bef11e72c2329d748f

    • Size

      315KB

    • MD5

      3d4c73f2d10c4ea03e9f55af41a02d7f

    • SHA1

      e9f70b120dbab724b88c37161e5df5d8607d7500

    • SHA256

      2d1e7e578c80b8d8058a776542e88f81546a3603e80751bef11e72c2329d748f

    • SHA512

      05122b99c10edc0ea4b69f471daf0ce182268d505166e05a69757016f7f87b5e031911c8efd0e6722691b236df5bf2bef74f7a315d9c6c2c6d1e363bf9d98f27

    • SSDEEP

      6144:rI9pI60nbM8uPZy3+8KID2YuDUtMXVgbhAZdxldn+kXHS:s9+60nbnuNYV2glAnjJZHS

    Score
    10/10
    redline5345987420discoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

    • Target

      6a183f77b983e6c003810991feea77693c5603a5e5ebca149d3e4ecfdcc2827d

    • Size

      769KB

    • MD5

      4dfeaa231c4fc0485c09275c5c9f1d18

    • SHA1

      e1d24d0987cc158889fe7383c177c85875c4b33b

    • SHA256

      6a183f77b983e6c003810991feea77693c5603a5e5ebca149d3e4ecfdcc2827d

    • SHA512

      f9daf8b0c8b33d6540bc7c11a2cdba9b9558d5093a9f15a7484ee5d41d973ef72cdd446af190a3d13e4a84d1547bfd0cf093500194399ccf0a3b4a78af54a4d0

    • SSDEEP

      12288:/Mryy90VCFFafw38ohrSMioWCW33fCKSOEEaeKTNDLqmNwHAkrzdaTR4UMqxB/jz:py4Whhy6+BEEaeKTNDGSN/M4lCsB1

    Score
    10/10
    redlinedebroevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral7

    • Target

      77274817210948a1fbb7d40ad1a99460ad22b9558203091765c377ab9b074874

    • Size

      208KB

    • MD5

      47a48930888e190fdf03fb059e7de474

    • SHA1

      c155265a215b375f2caf326bfc614ad164ad3a61

    • SHA256

      77274817210948a1fbb7d40ad1a99460ad22b9558203091765c377ab9b074874

    • SHA512

      a7dc68c80831365592e413e042f4997bc06430d106d202c35df276e4cadcfbbff2ebf53c8d3596382ab8c7a6914b4898e978ec2644db6e66a62d7940da913006

    • SSDEEP

      3072:p3EzoOopVBOQwz9znJTvT8XB6I7Ho5JGbtohOkWgOe1MpcbSBLMspN:pqhonBb09t0ZLWJGpJgrupwSespN

    Score
    10/10
    redline5195552529discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral8behavioral9

    • Target

      951f93d281b72cbee616455728a3885d88e2ce7083c529de95ab9de3efe14ff8

    • Size

      248KB

    • MD5

      3bbed8da8e3a21895e4ba9ebce954c84

    • SHA1

      c3481104afbd23524a03479d90076bc26fd576cf

    • SHA256

      951f93d281b72cbee616455728a3885d88e2ce7083c529de95ab9de3efe14ff8

    • SHA512

      1fcf2391859a1acbb03fdf7e55a1ca3ac3b2bd03e7214d8065c41e4ead8389ac00929a31102e36f171f9eb73e24bb670e52e595409d385a96c81cb643cdf6133

    • SSDEEP

      6144:IaRI3xL/9tToM3IdVLU8tck4D5YupM7g4BEzdespd:I8Il90bAg4DF4BEkspd

    Score
    10/10
    stealcdiscoveryspywarestealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral10behavioral11

    • Target

      9bba18a18011c572ee6b56cde220be7a07f51e4e0f2cdf0a4ebaf3bd06feca52

    • Size

      488KB

    • MD5

      4d0af6791a4c8f1017b42ffc9359e847

    • SHA1

      e236deac47d484605723936e905b5b9fe5c8d428

    • SHA256

      9bba18a18011c572ee6b56cde220be7a07f51e4e0f2cdf0a4ebaf3bd06feca52

    • SHA512

      dc4fe46ef0f9144a2392388dc1801733d755034a6083cb6c38d8b9a4f3b3fac94e92bf4512d5b6b073612190f710e6f58810ab9497dda53fe3faa8fc18603caa

    • SSDEEP

      12288:CMrIy90kaycy09XfhPA4h1Uqn0l190xbtWl:OyoyD09m4h1UqnGYxol

    Score
    10/10
    redlinedebroinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral12

    • Target

      a467111c1a7dd3af8188b3fd8536d689b84b136a58f62e8366f78d309b1bad4b

    • Size

      316KB

    • MD5

      3f28a220d555d7f84763f4fe14c5e30e

    • SHA1

      6844171e7db3af8480e85c49732e8e26c0fea7fc

    • SHA256

      a467111c1a7dd3af8188b3fd8536d689b84b136a58f62e8366f78d309b1bad4b

    • SHA512

      7ede895705631dfabdf2fb5a700495ed6aa265328c9d51edabbccaf8e1ed60661dfabba15c2e667191e02ec9694299fbb88a0a5c236b5590f28c0ec648aef08c

    • SSDEEP

      6144:KHy+bnr+Xp0yN90QEU6vZrMgX3eYK41E8OBURKaJjl:5Mr7y90emN3rKWOmEaz

    Score
    10/10
    redlinedebroevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral13

    • Target

      b6b30a924e3f969aba356b4a964cb4abb9fddd40a9a6d9068144b799e997a80b

    • Size

      769KB

    • MD5

      3d766587e52855bf541c62f777efa455

    • SHA1

      21665033b9cf03050f016dede36990b37968ddef

    • SHA256

      b6b30a924e3f969aba356b4a964cb4abb9fddd40a9a6d9068144b799e997a80b

    • SHA512

      2070a54c14cf24b80d1d9aa0203ffdb17e48b79212b296c6982a15c79ad023f40c3e9d3e51af12675e28e2b62acd2ba2166621df38fa78fb9f2d47efd1430d14

    • SSDEEP

      12288:6Mr/y90GlTMDFbYUzxQ8UY757qnC2CpMKK8O4WaKWPZA7o4l+jKoIikP+SYaI:1yje5z28TlmUo4WaKwOo2+jpvkNi

    Score
    10/10
    redlinedebroevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral14

    • Target

      bdacff51fa5404ce6f24b89ee15c9de1591f3b0671ffcdead018c8136b56522b

    • Size

      769KB

    • MD5

      3bde8d4d11d1b88c76a466f3d1f34597

    • SHA1

      b2aa234cf8cff2c0c5ef85b4788a57fc6b74a22c

    • SHA256

      bdacff51fa5404ce6f24b89ee15c9de1591f3b0671ffcdead018c8136b56522b

    • SHA512

      c6b21900ca1ea450807bb70dfbdf3190b82cb6a7f83dc17e830328ec40694443f5b90696f9cecce49978540e9ee77794b8e1385c549d85b133e2c1e12ff9a80a

    • SSDEEP

      12288:5Mr5y90mOrYMvDIyWIbVTmR39GKNOdcaIc/cstSuz1U1oaI9z1mMNHVx2WKM:Ayrny4MdcalcC1U6HVsWKM

    Score
    10/10
    redlinedebroevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral15

    • Target

      c37c4fe673daf8c4e8e21c607e393cc10eaf650294d08cb4f702da5fa23f0eeb

    • Size

      488KB

    • MD5

      e2f1945db2d8b09ce0863f06b10793fb

    • SHA1

      d4097df537b990222d4b7b01661ea99167026b7d

    • SHA256

      c37c4fe673daf8c4e8e21c607e393cc10eaf650294d08cb4f702da5fa23f0eeb

    • SHA512

      f4d9ef38bfc3688b57042c3a186c34e142f8ca475669f6ec9a1d817c957f7809de26514fd40e27236080e8faf4569b64950e823f401175064161f13fa377123b

    • SSDEEP

      6144:Kiy+bnr+5p0yN90QEkK5LnkW4nZNMlb235upK9zNDUWLIoma0AqSzF1LiCHpjZ70:WMrty90p5Ltw5upKz9G4fz5pXmLmVU

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral16

    • Target

      d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538

    • Size

      501KB

    • MD5

      481a6a93cdc1991a33aa1619235084ac

    • SHA1

      505d3069c350fdc7750bd23d89985c831bd1c01c

    • SHA256

      d0f3f32b61b9e8c20cd73d28b21a5e034041570a81ffd7bddcd760bc2f8a5538

    • SHA512

      ca08faf83252809be0f8f33343d4ff4e9742d68dcd86e04e2b17eda41ccb245042856dbf73fb1b3742ee27491d9f236d1dbfa91782ead8b09c9dc26f883478fb

    • SSDEEP

      12288:6ZJQdCWme3O0X4aclyuoxVj0RteVtD57qyL98V:CedCWdofyuoxVj0RtqD1Z+

    Score
    10/10
    redline@qwerabuseinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Suspicious use of SetThreadContext

    behavioral17behavioral18

    • Target

      d353176614b7dd329d9f436d6a34f007c32540fac4c5f4e3f2884d89ed599fe5

    • Size

      488KB

    • MD5

      e6a588dedbf9392a89dd519d40515437

    • SHA1

      4a3083750936eb7e16b7efad425452d6c1c6278f

    • SHA256

      d353176614b7dd329d9f436d6a34f007c32540fac4c5f4e3f2884d89ed599fe5

    • SHA512

      2bb4912a75594d1daaa20812b390494e03a9cfd5119ea5c7b0809063111b8e5bc0afc9309b96b8586bc6c6ad1e54f3c6e0621bf6c40f094507a372c40a411b44

    • SSDEEP

      12288:hMr2y90o/lhAQkVLWuMJUO9vCsde3OE3o2Vim:7yBKQsyudO9vbP27

    Score
    10/10
    redlinedebroinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral19

    • Target

      d49811a818845606218cd8436043886ebf6fa2d750248ad4f7f09d197c31db06

    • Size

      1.2MB

    • MD5

      e6d4ccad375cff5e8d42d28878c73dbb

    • SHA1

      a9189ec9303816b6fb13f7cfb5fdd5cc98ca9e25

    • SHA256

      d49811a818845606218cd8436043886ebf6fa2d750248ad4f7f09d197c31db06

    • SHA512

      53cfc8537599e81c45112fa9c8f755909ace92abf2d9e619db2623e39154a089679c118937e96458b1ae26b483843d6bcb78ff02a7d1058adc73e637ff542f2e

    • SSDEEP

      24576:+KxKiAH280V6GfVDeRz1ZMskLXUD5H98PIyR5yVpGlYs:+K4OV6GfVDe/eu2PzR5yVHs

    Score
    10/10
    redlinezgratdiscoveryinfostealerratspywarestealer

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral20behavioral21

    • Target

      db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af

    • Size

      332KB

    • MD5

      35924c0bb15b01b386378fac7c0aaa08

    • SHA1

      dded29dbba3f32350573ad107ffb5b0d7e670b7a

    • SHA256

      db044599ba62c9a98e024ecd1f465c8f39790d7683b22c64327635e0d2c0b4af

    • SHA512

      d19f2648bbcbea5b132f57b4f832fc96fcacec58cbc1b2cec86354a9ddcb9b6d353082cc725d0a66222c582bda02e77d1ea19f2108ed216d547cc26718a64f91

    • SSDEEP

      6144:WC6qcZ/Rjo7JY0n9J493SvUMwEgygh/Z9lkarsK+7iLwAw+dj3hGK0Xp:Wowo7JY0n90XygBXHsBiDj3hz0Xp

    Score
    10/10
    redline7001210066discoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral22behavioral23

    • Target

      e3c9a1721d8f0eecf6a7e81b32b9823a4952d636d4930a9cdfae0876cf293d3b

    • Size

      1.1MB

    • MD5

      4c57105730828c98c61e10949fc25950

    • SHA1

      b018b8964a21ec971d7a8e3480ce28976012374c

    • SHA256

      e3c9a1721d8f0eecf6a7e81b32b9823a4952d636d4930a9cdfae0876cf293d3b

    • SHA512

      ead8b5fc20e1a9f2125f2f7338edc844f80415ef768f02753dcdc51140b811ae2fb60f0d77226418a433746a28c81296f1a8b41333eb6b7c59c9f52f82e1f378

    • SSDEEP

      24576:8yqOw0U5IPpj5uiUgnhUaO6O/xaGRxr01X:rq50U5gpJUD6lGRp

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral24

    • Target

      ea47879989afdae64e6a2fd1bdd521ed8a7eee7611d92cfa24311d7f31d22c93

    • Size

      316KB

    • MD5

      473f819209e2b739e186e49c007b0500

    • SHA1

      a0a9d81885ff41dd92727df0edea5f8956d3cc9b

    • SHA256

      ea47879989afdae64e6a2fd1bdd521ed8a7eee7611d92cfa24311d7f31d22c93

    • SHA512

      54401da33c393750646bd884ec253603b8cfb358b66ac8da6676c06d37d14cbcc89b84656a903bded8b8f3b50e024ebfbb7411635f715c275c7d6c9bafa92a13

    • SSDEEP

      6144:KVy+bnr+Bp0yN90QER6vZrMgXGma0+qSNF1lieHpPZ7r:jMrty90XmNRGfNfpt

    Score
    10/10
    redlinemixaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral25

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

4
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks

static1

Score
3/10

behavioral1

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10

behavioral2

Score
3/10

behavioral3

redline5345987420discoveryinfostealerspywarestealer
Score
10/10

behavioral4

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10

behavioral5

Score
3/10

behavioral6

redline5345987420discoveryinfostealer
Score
10/10

behavioral7

redlinedebroevasioninfostealerpersistencetrojan
Score
10/10

behavioral8

Score
3/10

behavioral9

redline5195552529discoveryinfostealerspywarestealer
Score
10/10

behavioral10

Score
3/10

behavioral11

stealcdiscoveryspywarestealer
Score
10/10

behavioral12

redlinedebroinfostealerpersistence
Score
10/10

behavioral13

redlinedebroevasioninfostealerpersistencetrojan
Score
10/10

behavioral14

redlinedebroevasioninfostealerpersistencetrojan
Score
10/10

behavioral15

redlinedebroevasioninfostealerpersistencetrojan
Score
10/10

behavioral16

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10

behavioral17

Score
3/10

behavioral18

redline@qwerabuseinfostealer
Score
10/10

behavioral19

redlinedebroinfostealerpersistence
Score
10/10

behavioral20

Score
3/10

behavioral21

redlinezgratdiscoveryinfostealerratspywarestealer
Score
10/10

behavioral22

Score
3/10

behavioral23

redline7001210066discoveryinfostealerspywarestealer
Score
10/10

behavioral24

privateloaderriseproloaderpersistencestealer
Score
10/10

behavioral25

redlinemixaevasioninfostealerpersistencetrojan
Score
10/10