redline | 07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27 | Triage

Submit
Reports

Overview

overview

Static

static

07f25ccae0...27.exe

windows7_x64

07f25ccae0...27.exe

windows10-2004_x64

Sharing

General

Target

07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27
Size

479KB
Sample

220208-f7a6qseac4
MD5

203e8131a6f654a6c67f53ef46b65117
SHA1

51ece091b99c77ef712db6aac01ca8b183d2e0b0
SHA256

07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27
SHA512

311db800b56eac3f3bdfd78a922eeb7a2a019b236f3dea5229475519f5bf87f756d9cdcad9a8d4011ba9fc1b1463cb860d1d2da7fb92c8c29553c3e117d0e0c0

Score

10^/10

redline test1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27.exe

Resource

win7-en-20211208

redline test1 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27.exe

Resource

win10v2004-en-20220113

redline test1 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

test1

C2

disandillanne.xyz:80

Targets

- Target
  
  07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27
- Size
  
  479KB
- MD5
  
  203e8131a6f654a6c67f53ef46b65117
- SHA1
  
  51ece091b99c77ef712db6aac01ca8b183d2e0b0
- SHA256
  
  07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27
- SHA512
  
  311db800b56eac3f3bdfd78a922eeb7a2a019b236f3dea5229475519f5bf87f756d9cdcad9a8d4011ba9fc1b1463cb860d1d2da7fb92c8c29553c3e117d0e0c0
Score

10^/10

redline test1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinetest1discoveryinfostealerspywarestealer

behavioral2

redlinetest1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy