redline | 16f4a3fc69b8b2b64db781127f898729b4ea712c835a3ffc8b25021106f8245c | Triage

Submit
Reports

Overview

overview

Static

static

16f4a3fc69...a3.exe

windows7_x64

16f4a3fc69...a3.exe

windows10-2004_x64

Sharing

General

Target

16f4a3fc69b8b2b64db781127f898729b4ea712c835a3.exe
Size

4.4MB
Sample

220406-g4842abcd6
MD5

594d7823440e565b0f1379be8f218e33
SHA1

07b3e8fc1d21fbbc13f7271d8eda4794ffa71861
SHA256

16f4a3fc69b8b2b64db781127f898729b4ea712c835a3ffc8b25021106f8245c
SHA512

b746afcbaad590c7fefe6c74c4ca076d97a74a91907272815f5be289ff1109ce257999d33600b5ec94b8b121305913cb10906c3f066bbbbdc2d7f1601bb9eca9

Score

10^/10

redline filinnn1 evasion infostealer spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

16f4a3fc69b8b2b64db781127f898729b4ea712c835a3.exe

Resource

win7-20220311-en

redline filinnn1 evasion infostealer spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

16f4a3fc69b8b2b64db781127f898729b4ea712c835a3.exe

Resource

win10v2004-20220331-en

redline filinnn1 evasion infostealer spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

filinnn1

C2

5.45.77.29:41494

Attributes

auth_value
da347df57c88b125ede510dbe7fcc0f4

Targets

- Target
  
  16f4a3fc69b8b2b64db781127f898729b4ea712c835a3.exe
- Size
  
  4.4MB
- MD5
  
  594d7823440e565b0f1379be8f218e33
- SHA1
  
  07b3e8fc1d21fbbc13f7271d8eda4794ffa71861
- SHA256
  
  16f4a3fc69b8b2b64db781127f898729b4ea712c835a3ffc8b25021106f8245c
- SHA512
  
  b746afcbaad590c7fefe6c74c4ca076d97a74a91907272815f5be289ff1109ce257999d33600b5ec94b8b121305913cb10906c3f066bbbbdc2d7f1601bb9eca9
Score

10^/10

redline filinnn1 evasion infostealer spyware trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefilinnn1evasioninfostealerspywaretrojan

behavioral2

redlinefilinnn1evasioninfostealerspywaretrojan

© 2018-2024

Terms | Privacy