General

  • Target: 2d8e62d81d0b497714a61e9fba8a297e969e9bb9cc29f95e20d9c7f2f64e472a
  • Size: 729KB
  • Sample: 240525-ystnmsha26
  • MD5: 2cf2cb1c22aede8fd8a995f4f073ec71
  • SHA1: ce921866530f90bd63359b379292233cf202d733
  • SHA256: 2d8e62d81d0b497714a61e9fba8a297e969e9bb9cc29f95e20d9c7f2f64e472a
  • SHA512: d996fcab5b013c5cb9ffaba403d56c81bb2fdc57ae9ed43ccc2a7c95770b3eb173b014a8a693aa45e4e45c46e94c62b72c00b88f461a3e8a30422a1fc5ab8749
  • SSDEEP: 12288:EzKy90JE0kP5xBRWOp4ATeD1uNaDMFrOszYl9tFbrYdCYBXA5XmvNt:FyG4mq6sFShrbr4bXGXe

Malware Config

Extracted

  • Family: redline
  • Botnet: furga
  • C2: 83.97.73.128:19071
  • Attributes
      • auth_value: 1b7af6db7a79a3475798fcf494818be7

Targets

    • Target: 2d8e62d81d0b497714a61e9fba8a297e969e9bb9cc29f95e20d9c7f2f64e472a (size and hashes as listed under General)


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Detects executables packed with ConfuserEx Mod

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic               | Technique                           | ID        | Count
  Persistence          | Boot or Logon Autostart Execution   | T1547     | 1
  Persistence          | Registry Run Keys / Startup Folder  | T1547.001 | 1
  Privilege Escalation | Boot or Logon Autostart Execution   | T1547     | 1
  Privilege Escalation | Registry Run Keys / Startup Folder  | T1547.001 | 1
  Defense Evasion      | Modify Registry                     | T1112     | 1

Tasks