Overview

overview

10

Static

static

3

b47f145575...16.exe

windows7-x64

10

b47f145575...16.exe

windows10-2004-x64

10

$TEMP/K3M6...22.exe

windows7-x64

10

$TEMP/K3M6...22.exe

windows10-2004-x64

10

$TEMP/Self...ed.exe

windows7-x64

8

$TEMP/Self...ed.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b47f14557520a91ca888aa122d5816a21762e25535e24adc62351baf7edd3916.exe

  • Size

    4.6MB

  • Sample

    241123-mzzyfszlfk

  • MD5

    35f1a7f185a05f2530238f7fb1f75206

  • SHA1

    c8beeb9a3a6272305c8d4a99f29fc0f30b45f662

  • SHA256

    b47f14557520a91ca888aa122d5816a21762e25535e24adc62351baf7edd3916

  • SHA512

    f2f91e61e24e7aa4c9130658151d5fa4a20d5bc999af0e425faf98a7d64b6c789f5a861177a2ef8c51fff6ce202ee9e0e0a4d66c866ac88deeda222c8f53f345

  • SSDEEP

    98304:Uq8eNY5p0ExtC6RpPwVsniC5u/BDLTABEp0moOjtchoKCq:Uqup0Ex8ArMdPABEp0pAKhfCq

Score
10/10
redline@zxckostyan4ikdiscoveryexecutioninfostealer

Malware Config

Extracted

Family

redline

Botnet

@zxckostyan4ik

C2

95.181.152.6:46927

Attributes
  • auth_value

    cdf3919a262c0d6ba99116b375d7551c

Targets

    • Target

      b47f14557520a91ca888aa122d5816a21762e25535e24adc62351baf7edd3916.exe

    • Size

      4.6MB

    • MD5

      35f1a7f185a05f2530238f7fb1f75206

    • SHA1

      c8beeb9a3a6272305c8d4a99f29fc0f30b45f662

    • SHA256

      b47f14557520a91ca888aa122d5816a21762e25535e24adc62351baf7edd3916

    • SHA512

      f2f91e61e24e7aa4c9130658151d5fa4a20d5bc999af0e425faf98a7d64b6c789f5a861177a2ef8c51fff6ce202ee9e0e0a4d66c866ac88deeda222c8f53f345

    • SSDEEP

      98304:Uq8eNY5p0ExtC6RpPwVsniC5u/BDLTABEp0moOjtchoKCq:Uqup0Ex8ArMdPABEp0pAKhfCq

    Score
    10/10
    redline@zxckostyan4ikdiscoveryexecutioninfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      $TEMP/K3M6Ljh9fd22.exe

    • Size

      881KB

    • MD5

      ce5a9ec35a54e669820589d15f1faa07

    • SHA1

      68a5aaa46aa2ce2c3083486f8e265e050cd421ac

    • SHA256

      a5317940f3f36d4c047ef70fcef5aedcdcdb0d9afae7ccfb3220190f09dab15b

    • SHA512

      eb097778c480b9e1bd396895ef86727997cb1c0bd1c3d6863a3d711216c2ce64d1ff647987b57c0e67b9b9673526cd28bc83aaf7177e11a9b348e2960f535131

    • SSDEEP

      12288:X7R++fMJpn22QJZu4+miW4C0mk/6K3aY6Lla4+4RWkepjQEppJjZwtGwfi2FsYD5:rRanLQJZu/Bmki6ExdepH7AhEYFpYq

    Score
    10/10
    redline@zxckostyan4ikdiscoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline
    behavioral3behavioral4

    • Target

      $TEMP/Selfconvened.exe

    • Size

      4.5MB

    • MD5

      64b5e984fda860eedf19c29a124094fb

    • SHA1

      760c195741989e17b48ad52c13bed35e8ea51692

    • SHA256

      1f47c67d3baa635c4b7dd2bfed0a26a6bd499c3ab5a64d10b391a52e7d71ba39

    • SHA512

      187dbbc7137db41da77dd5c3d1471f82b157d031653109632adb9c49ea519f452b661cfd1845512661dcdb3b00bf2a02b2c3504406fb19ad89b06fcd6afee4e4

    • SSDEEP

      98304:xLIWL25lsofrCgl5PmHGjCYv8LHPrVWPa5Qwy:Fslsofuit0bJWPa5QJ

    Score
    8/10
    execution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks