Overview

overview

10

Static

static

3

excellent.exe

windows10-2004-x64

10

libGLESv2.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    excellent.rar

  • Size

    8.2MB

  • Sample

    240628-wp1lnsxhpg

  • MD5

    74390a2247fd11601ddbe918121b2a2a

  • SHA1

    67986feefd597389e1fc1d8386af318100f446a2

  • SHA256

    0a31cb7d5b2cdaec7287a6e3a9338f7da9922b85693d5111aa50ec43dde3d3de

  • SHA512

    05be574b9b39197e7da11949a9e8d8d07eefffcdd91b26127356e53f0952c03d8e5668b9bffc3fefe8b67ea35fdc292c70275981312b7516afd11dd4f87ace9f

  • SSDEEP

    196608:tDT22I/nk9psflVIhoFaTQRn4gE+trIghtZmUmvBH:tDLI/nYUlVJRBDEgrIgh6Xvd

Score
10/10
redline6627938439_99infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

6627938439_99

C2

https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac

Targets

    • Target

      excellent.exe

    • Size

      296KB

    • MD5

      efad4f96f696391769ef9944978dbb3b

    • SHA1

      42ad30f7af140544eaeb8cc32d8fe5568aca8944

    • SHA256

      26e9f0c78dde027c60eeacca5852a8f08853c440048ae45cbb054fd12e0cddd2

    • SHA512

      427b793cd433be1251d8348a5d788ff4c927c5c78c6d2ad15a5de4de64f57e1c0182534d180de388734e28a4563f1b92fc30f1365356bd2fe6546beaf6da9da4

    • SSDEEP

      6144:KL4miZW6NAIn7RMWhrWzMCx5T2exIT4tifYfcDVn0Q0+A9b/pcvEV:KEI5I7XCMCx5T2exIT4tifYfcDVn0Q0n

    Score
    10/10
    redline6627938439_99infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      libGLESv2.dll

    • Size

      6.8MB

    • MD5

      90ad3c47740fce98015444d1289af9b9

    • SHA1

      0135a04b2b590e1647e3a2b123596d62d57fece0

    • SHA256

      2082c51a86bc8b7cd5e69cf5d43914efe5d939c90503539d657fde7915a95ae1

    • SHA512

      40bdd65a9fa761bd3835ea9fb8c4c4d90531253d9dc7183d59c2051a627afc8b267d8de7e7478396e9fb779796f2b7e9b012564446671b4ed06427de5e93689e

    • SSDEEP

      98304:WYasIDptJ/QOjZfU5Q9S6Vaem7EdGSfhgbMKl4F:WJJd59Hk392thgbMim

    Score
    1/10
    behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks