redline | 2df6cc430475ae053ad2772a3a9d1de1a03af31c3ebfdd0e5d5bd7fbdc61866a | Triage

Submit
Reports

Overview

overview

Static

static

Fri05f84fa77402bf.exe

windows7_x64

Fri05f84fa77402bf.exe

windows7_x64

Fri05f84fa77402bf.exe

windows7_x64

Fri05f84fa77402bf.exe

windows11_x64

Fri05f84fa77402bf.exe

windows10_x64

Fri05f84fa77402bf.exe

windows10_x64

Fri05f84fa77402bf.exe

windows10_x64

Sharing

General

Target

Fri05f84fa77402bf.exe
Size

394KB
Sample

211022-r1clrsbgc7
MD5

8e0abf31bbb7005be2893af10fcceaa9
SHA1

a48259c2346d7aed8cf14566d066695a8c2db55c
SHA256

2df6cc430475ae053ad2772a3a9d1de1a03af31c3ebfdd0e5d5bd7fbdc61866a
SHA512

ba76470f4896e6bdac508e6a901b352a3bf731ab5680b9931cc1a8c874482cf0c19a374a6a58dda5237178c1861509529a5174bf76fa768efac7989dbc1c1970

Score

10^/10

redline chrisnew discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Fri05f84fa77402bf.exe

Resource

win7-ja-20210920

redline chrisnew discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Fri05f84fa77402bf.exe

Resource

win7-en-20211014

redline chrisnew discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Fri05f84fa77402bf.exe

Resource

win7-de-20210920

redline chrisnew discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

Fri05f84fa77402bf.exe

Resource

win11

redline chrisnew discovery infostealer persistence spyware stealer

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

Fri05f84fa77402bf.exe

Resource

win10-ja-20210920

redline chrisnew discovery infostealer persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

Fri05f84fa77402bf.exe

Resource

win10-en-20211014

redline chrisnew discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

Fri05f84fa77402bf.exe

Resource

win10-de-20211014

redline chrisnew discovery infostealer persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ChrisNEW

C2

194.104.136.5:46013

Targets

- Target
  
  Fri05f84fa77402bf.exe
- Size
  
  394KB
- MD5
  
  8e0abf31bbb7005be2893af10fcceaa9
- SHA1
  
  a48259c2346d7aed8cf14566d066695a8c2db55c
- SHA256
  
  2df6cc430475ae053ad2772a3a9d1de1a03af31c3ebfdd0e5d5bd7fbdc61866a
- SHA512
  
  ba76470f4896e6bdac508e6a901b352a3bf731ab5680b9931cc1a8c874482cf0c19a374a6a58dda5237178c1861509529a5174bf76fa768efac7989dbc1c1970
Score

10^/10

redline chrisnew discovery infostealer spyware stealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Registers COM server for autorun
  persistence
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinechrisnewdiscoveryinfostealerspywarestealer

behavioral2

redlinechrisnewdiscoveryinfostealerspywarestealer

behavioral3

redlinechrisnewdiscoveryinfostealerspywarestealer

behavioral4

redlinechrisnewdiscoveryinfostealerpersistencespywarestealer

behavioral5

redlinechrisnewdiscoveryinfostealerpersistencespywarestealer

behavioral6

redlinechrisnewdiscoveryinfostealerspywarestealer

behavioral7

redlinechrisnewdiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy