redline | 7e6b525d20c679bb8241177f2e307bb9c5b9070e4846a033640eb45eafcf64ea | Triage

Submit
Reports

Overview

overview

Static

static

TikTok-Views-BOT.exe

windows7_x64

TikTok-Views-BOT.exe

windows10_x64

Sharing

General

Target

TikTok-Views-BOT.exe
Size

11.5MB
Sample

211116-psx7dsagen
MD5

1f564063f2fd3e319c2669f7e29e7bd7
SHA1

15492d97a4279c4e84c430194bb68323a5b4b9b2
SHA256

7e6b525d20c679bb8241177f2e307bb9c5b9070e4846a033640eb45eafcf64ea
SHA512

606041e1a2f48f4da30261f1b9062bf1f85f5b2fa43b6dc497acf096cb7c9124a72bd913fb7c8668d025b51596dc6951f054bdbef589a4a7f712a8fbc3caa9b9

Score

10^/10

redline xmrig discovery evasion infostealer miner pyinstaller spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TikTok-Views-BOT.exe

Resource

win7-en-20211104

redline xmrig discovery evasion infostealer miner pyinstaller spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TikTok-Views-BOT.exe

Resource

win10-en-20211014

redline xmrig discovery evasion infostealer miner pyinstaller spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  TikTok-Views-BOT.exe
- Size
  
  11.5MB
- MD5
  
  1f564063f2fd3e319c2669f7e29e7bd7
- SHA1
  
  15492d97a4279c4e84c430194bb68323a5b4b9b2
- SHA256
  
  7e6b525d20c679bb8241177f2e307bb9c5b9070e4846a033640eb45eafcf64ea
- SHA512
  
  606041e1a2f48f4da30261f1b9062bf1f85f5b2fa43b6dc497acf096cb7c9124a72bd913fb7c8668d025b51596dc6951f054bdbef589a4a7f712a8fbc3caa9b9
Score

10^/10

redline xmrig discovery evasion infostealer miner pyinstaller spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- UAC bypass
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexmrigdiscoveryevasioninfostealerminerpyinstallerspywarestealertrojan

behavioral2

redlinexmrigdiscoveryevasioninfostealerminerpyinstallerspywarestealertrojan

© 2018-2024

Terms | Privacy