Overview

overview

10

Static

static

3

17ac37b494...10.exe

windows7-x64

10

17ac37b494...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17ac37b4946539fa7fa68b12bd80946d340497a7971802b5848830ad99ea1e10.exe

  • Size

    314KB

  • Sample

    240918-hd3d8sxgjn

  • MD5

    ff5afed0a8b802d74af1c1422c720446

  • SHA1

    7135acfa641a873cb0c4c37afc49266bfeec91d8

  • SHA256

    17ac37b4946539fa7fa68b12bd80946d340497a7971802b5848830ad99ea1e10

  • SHA512

    11724d26e11b3146e0fc947c06c59c004c015de0afea24ec28a4eb8145fcd51e9b70007e17621c83f406d9aeb7cd96601245671d41c3fcc88a27c33bd7cf55ac

  • SSDEEP

    6144:/6ZNaeEuexVOkKu/A9UZMOqMVr57KLMLPQ5uRXg6hUm8:/BvOkHPEUsYLeIXgDm8

Score
10/10
redlinetg cloud @rlreborn admin @fatherofcarderscredential_accessdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

TG CLOUD @RLREBORN Admin @FATHEROFCARDERS

C2

89.105.223.196:29862

Targets

    • Target

      17ac37b4946539fa7fa68b12bd80946d340497a7971802b5848830ad99ea1e10.exe

    • Size

      314KB

    • MD5

      ff5afed0a8b802d74af1c1422c720446

    • SHA1

      7135acfa641a873cb0c4c37afc49266bfeec91d8

    • SHA256

      17ac37b4946539fa7fa68b12bd80946d340497a7971802b5848830ad99ea1e10

    • SHA512

      11724d26e11b3146e0fc947c06c59c004c015de0afea24ec28a4eb8145fcd51e9b70007e17621c83f406d9aeb7cd96601245671d41c3fcc88a27c33bd7cf55ac

    • SSDEEP

      6144:/6ZNaeEuexVOkKu/A9UZMOqMVr57KLMLPQ5uRXg6hUm8:/BvOkHPEUsYLeIXgDm8

    Score
    10/10
    redlinetg cloud @rlreborn admin @fatherofcarderscredential_accessdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks