redline | 07a3a8db3d5bb4b30e84ead1309b5999910a005d093854a39ef8ba581b35fcd9 | Triage

Submit
Reports

Overview

overview

Static

static

2AC14F94C1...A8.exe

windows7_x64

1

2AC14F94C1...A8.exe

windows10_x64

Sharing

General

Target

2AC14F94C1E8E27D024067015EE16FA8.exe
Size

266KB
Sample

210522-mw4hggx1qe
MD5

2ac14f94c1e8e27d024067015ee16fa8
SHA1

3b0e0d040c0b9bb18bdc2e1dbaf2449edb549545
SHA256

07a3a8db3d5bb4b30e84ead1309b5999910a005d093854a39ef8ba581b35fcd9
SHA512

55d3462c28f97eeb6fb18c7206ce1d7a187f67cb8f143d6a9957fdd22cd48744225f15353d638196f8157c2e9e43946bbe7c8f30cf77a665143b55195788237d

Score

10^/10

redline vkeylogger 1 infostealer keylogger persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

2AC14F94C1E8E27D024067015EE16FA8.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2AC14F94C1E8E27D024067015EE16FA8.exe

Resource

win10v20210410

redline vkeylogger 1 infostealer keylogger persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

162.55.177.230:3483

Targets

- Target
  
  2AC14F94C1E8E27D024067015EE16FA8.exe
- Size
  
  266KB
- MD5
  
  2ac14f94c1e8e27d024067015ee16fa8
- SHA1
  
  3b0e0d040c0b9bb18bdc2e1dbaf2449edb549545
- SHA256
  
  07a3a8db3d5bb4b30e84ead1309b5999910a005d093854a39ef8ba581b35fcd9
- SHA512
  
  55d3462c28f97eeb6fb18c7206ce1d7a187f67cb8f143d6a9957fdd22cd48744225f15353d638196f8157c2e9e43946bbe7c8f30cf77a665143b55195788237d
Score

10^/10

redline vkeylogger 1 infostealer keylogger persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- VKeylogger
  A keylogger first seen in Nov 2020.
  stealer keylogger vkeylogger
- VKeylogger Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinevkeylogger1infostealerkeyloggerpersistencespywarestealer

© 2018-2024

Terms | Privacy