redline | 75da761b015ffe64c01e191a864fd234393e6687462df33649ea42b97cbe47a4 | Triage

Submit
Reports

Overview

overview

Static

static

pMsvVwER.exe

windows7_x64

8

pMsvVwER.exe

windows10_x64

8

Sharing

General

Target

pMsvVwER.exe
Size

104KB
Sample

210918-s2z9wsccck
MD5

8d8d7d4aba4420af2e126800a3139dd8
SHA1

4c3cbb2df4e8b7c7fde6ab7d5f7029ce2b4d5437
SHA256

75da761b015ffe64c01e191a864fd234393e6687462df33649ea42b97cbe47a4
SHA512

340e5de5bd57be15b19acbed186ebf0ae9452ab58e6671b3d04e43729dd76e57bdb177a6a418d6ca173d0408edbb7613799ef6043e3faccde20c387467069007

Score

10^/10

redline @treeline300 discovery spyware stealer

Static task

static1

@treeline300 redline

Behavioral task

behavioral1

Sample

pMsvVwER.exe

Resource

win7v20210408

discovery spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

pMsvVwER.exe

Resource

win10v20210408

discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@treeline300

C2

45.137.190.170:19896

Targets

- Target
  
  pMsvVwER.exe
- Size
  
  104KB
- MD5
  
  8d8d7d4aba4420af2e126800a3139dd8
- SHA1
  
  4c3cbb2df4e8b7c7fde6ab7d5f7029ce2b4d5437
- SHA256
  
  75da761b015ffe64c01e191a864fd234393e6687462df33649ea42b97cbe47a4
- SHA512
  
  340e5de5bd57be15b19acbed186ebf0ae9452ab58e6671b3d04e43729dd76e57bdb177a6a418d6ca173d0408edbb7613799ef6043e3faccde20c387467069007
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

@treeline300redline

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy