Overview

overview

10

Static

static

1

bf971fc281...62.exe

windows7-x64

1

bf971fc281...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62.exe

  • Size

    81.0MB

  • Sample

    240628-b55kcaxbqj

  • MD5

    2262f88eb3f606208bfa9a79f45b9a28

  • SHA1

    fdb30d07c16e7c29a6acf074573dde723c754577

  • SHA256

    bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62

  • SHA512

    7ba80a3adc4287da0c7a55746add7a01ae81af2dd4d2d07ef3d968d1aea20b88dc6416ef2f3386b16dfdab4d1c02361fad48207cd0b02580c9cbdefac7da6a9f

  • SSDEEP

    786432:Z/i5Kul6pr3WPPzaCmoFuTF0XUZpMgniP3l3gennj2S:ZkASPr2pMgZUiS

Score
10/10
redline5213892547_99executioninfostealerspyware

Malware Config

Extracted

Family

redline

Botnet

5213892547_99

C2

https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac

Targets

    • Target

      bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62.exe

    • Size

      81.0MB

    • MD5

      2262f88eb3f606208bfa9a79f45b9a28

    • SHA1

      fdb30d07c16e7c29a6acf074573dde723c754577

    • SHA256

      bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62

    • SHA512

      7ba80a3adc4287da0c7a55746add7a01ae81af2dd4d2d07ef3d968d1aea20b88dc6416ef2f3386b16dfdab4d1c02361fad48207cd0b02580c9cbdefac7da6a9f

    • SSDEEP

      786432:Z/i5Kul6pr3WPPzaCmoFuTF0XUZpMgniP3l3gennj2S:ZkASPr2pMgZUiS

    Score
    10/10
    redline5213892547_99executioninfostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks