Overview

overview

10

Static

static

3

a69a16cb35...f8.exe

windows7-x64

3

a69a16cb35...f8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a69a16cb3567660ed3222c34dfbadfeea81ab243022955e1d33d3aa877c496f8.exe

  • Size

    265KB

  • Sample

    240605-cgqa7abg69

  • MD5

    c0fb16f51290c7961469e5defdded82d

  • SHA1

    dbd204cc9a078a3631dbcacebf14bdd6b5023b50

  • SHA256

    a69a16cb3567660ed3222c34dfbadfeea81ab243022955e1d33d3aa877c496f8

  • SHA512

    2af8ad9019912ba5028ade84ffc79323bc439f6d6d46857e566324e5a5461f486a0ca1697350f04752bcef19e4ae8a96591fc906e96da350e3850e34da05c23b

  • SSDEEP

    6144:g5LHgDcXDXO5TGVvYaBN6BBaS9OyS36up:gZHgDcbYaBNqBaS9qKup

Score
10/10
redline5345987420discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/NgsUAPya

Targets

    • Target

      a69a16cb3567660ed3222c34dfbadfeea81ab243022955e1d33d3aa877c496f8.exe

    • Size

      265KB

    • MD5

      c0fb16f51290c7961469e5defdded82d

    • SHA1

      dbd204cc9a078a3631dbcacebf14bdd6b5023b50

    • SHA256

      a69a16cb3567660ed3222c34dfbadfeea81ab243022955e1d33d3aa877c496f8

    • SHA512

      2af8ad9019912ba5028ade84ffc79323bc439f6d6d46857e566324e5a5461f486a0ca1697350f04752bcef19e4ae8a96591fc906e96da350e3850e34da05c23b

    • SSDEEP

      6144:g5LHgDcXDXO5TGVvYaBN6BBaS9OyS36up:gZHgDcbYaBNqBaS9qKup

    Score
    10/10
    redline5345987420discoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks