redline | 6104f2b4049168fea236bb6a5b9a5194b878b61f87336eafb0fe5a5fab93144b | Triage

Submit
Reports

Overview

overview

Static

static

6104F2B404...36.exe

windows7_x64

6104F2B404...36.exe

windows10_x64

Sharing

General

Target

6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe
Size

3.2MB
Sample

220122-2c4qfsddf8
MD5

7289c24e6e34cf7ed1d518152eb64eac
SHA1

e7996ee499e594195cf25be007ba862c299d50ab
SHA256

6104f2b4049168fea236bb6a5b9a5194b878b61f87336eafb0fe5a5fab93144b
SHA512

ad106693e527b52e3eae061145f0dbdba7b2704458b8685108ce28ad4cd71b631d9dcb913c370396903a8372677b840c37e4192a8c641ed0ae692cf59e4fb632

Score

10^/10

redline ani media12 she aspackv2 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe

Resource

win7-en-20211208

redline ani media12 aspackv2 infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe

Resource

win10-en-20211208

redline ani media12 she aspackv2 infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

media12

C2

91.121.67.60:2151

Extracted

Family

redline

Botnet

ANI

C2

194.104.136.5:46013

Extracted

Family

redline

Botnet

she

C2

135.181.129.119:4805

Targets

- Target
  
  6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe
- Size
  
  3.2MB
- MD5
  
  7289c24e6e34cf7ed1d518152eb64eac
- SHA1
  
  e7996ee499e594195cf25be007ba862c299d50ab
- SHA256
  
  6104f2b4049168fea236bb6a5b9a5194b878b61f87336eafb0fe5a5fab93144b
- SHA512
  
  ad106693e527b52e3eae061145f0dbdba7b2704458b8685108ce28ad4cd71b631d9dcb913c370396903a8372677b840c37e4192a8c641ed0ae692cf59e4fb632
Score

10^/10

redline ani media12 aspackv2 infostealer she
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlineanimedia12aspackv2infostealer

behavioral2

redlineanimedia12sheaspackv2infostealer

© 2018-2024

Terms | Privacy