redline | e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f | Triage

Submit
Reports

Overview

overview

Static

static

e254914f5f...1).exe

windows7_x64

e254914f5f...1).exe

windows10_x64

Sharing

General

Target

e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f (1)
Size

1009KB
Sample

210905-vszccahga8
MD5

7e06ee9bf79e2861433d6d2b8ff4694d
SHA1

28de30147de38f968958e91770e69ceb33e35eb5
SHA256

e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f
SHA512

225cd5e37dbc29aad1d242582748457112b0adb626541a6876c2c6a0e6a27d986791654fd94458e557c628dc16db17f22db037853fae7c41dde34ba4e7245081

Score

10^/10

redline build1 infostealer persistence

Static task

static1

Behavioral task

behavioral1

Sample

e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f (1).exe

Resource

win7-en

redline build1 infostealer persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f (1).exe

Resource

win10v20210408

redline build1 infostealer persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Build1

C2

45.142.213.135:30058

Targets

- Target
  
  e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f (1)
- Size
  
  1009KB
- MD5
  
  7e06ee9bf79e2861433d6d2b8ff4694d
- SHA1
  
  28de30147de38f968958e91770e69ceb33e35eb5
- SHA256
  
  e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f
- SHA512
  
  225cd5e37dbc29aad1d242582748457112b0adb626541a6876c2c6a0e6a27d986791654fd94458e557c628dc16db17f22db037853fae7c41dde34ba4e7245081
Score

10^/10

redline build1 infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinebuild1infostealerpersistence

behavioral2

redlinebuild1infostealerpersistence

© 2018-2024

Terms | Privacy