redline | d8a12da66c3b95e1f2dc9c7e5667a5baf7dbdbbaff01f342222dc696c07455fa | Triage

Submit
Reports

Overview

overview

Static

static

22F9967C01...F5.exe

windows7_x64

22F9967C01...F5.exe

windows10_x64

Resubmissions

10-05-2021 10:26

210510-51q2zwvjce 10

Sharing

General

Target

22F9967C010BF3B752D56BCDEE846BF5.exe
Size

612KB
Sample

210510-51q2zwvjce
MD5

22f9967c010bf3b752d56bcdee846bf5
SHA1

688b82c1eb648ee5eea04042da253d77c706f945
SHA256

d8a12da66c3b95e1f2dc9c7e5667a5baf7dbdbbaff01f342222dc696c07455fa
SHA512

b4dfd895af0f98de30d6446e847e3451c8d8fa7a6571aaac7db3c0fd40febc982e52035af709db3bba68b0e19037ee71443863b25ed3d5dcc13bb0375d69c3c6

Score

10^/10

redline source1 evasion infostealer spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

22F9967C010BF3B752D56BCDEE846BF5.exe

Resource

win7v20210408

redline source1 evasion infostealer spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

22F9967C010BF3B752D56BCDEE846BF5.exe

Resource

win10v20210410

redline source1 infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

source1

C2

199.195.251.96:43073

Targets

- Target
  
  22F9967C010BF3B752D56BCDEE846BF5.exe
- Size
  
  612KB
- MD5
  
  22f9967c010bf3b752d56bcdee846bf5
- SHA1
  
  688b82c1eb648ee5eea04042da253d77c706f945
- SHA256
  
  d8a12da66c3b95e1f2dc9c7e5667a5baf7dbdbbaff01f342222dc696c07455fa
- SHA512
  
  b4dfd895af0f98de30d6446e847e3451c8d8fa7a6571aaac7db3c0fd40febc982e52035af709db3bba68b0e19037ee71443863b25ed3d5dcc13bb0375d69c3c6
Score

10^/10

redline source1 evasion infostealer spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinesource1evasioninfostealerspywaretrojan

behavioral2

redlinesource1infostealerspyware

© 2018-2024

Terms | Privacy