redline | fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522 | Triage

Submit
Reports

Overview

overview

Static

static

fba454b0f8...22.msi

windows7_x64

fba454b0f8...22.msi

windows10-2004_x64

8

Sharing

General

Target

fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522
Size

1MB
Sample

220516-j14q9aacgj
MD5

6e31d2f2c745b340e02b2e1f9711a715
SHA1

9c99809aa69805f708afb5418b68b430d4087552
SHA256

fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522
SHA512

41694c05606a8585e6fa8e4e5e0672c59ccc096be6dbf0184c4af0e03e145f98101d96d02e3f744f9710cb722906b2afb2b6f90851842cec9eb9912c32fc587c

Score

10^/10

redline install discovery infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522.msi

Resource

win7-20220414-en

redline install discovery infostealer spyware

Behavioral task

behavioral2

Sample

fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522.msi

Resource

win10v2004-20220414-en

discovery spyware

Malware Config

Extracted

Family

redline

Botnet

Install

C2

176.10.119.117:27038

Attributes

auth_value
701b6467f584b2d5c52fa31ecce6761d

Targets

- Target
  
  fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522
- Size
  
  1MB
- MD5
  
  6e31d2f2c745b340e02b2e1f9711a715
- SHA1
  
  9c99809aa69805f708afb5418b68b430d4087552
- SHA256
  
  fba454b0f86b6514c9d9e5268ed58a398d30443819ec887fbc2b02d590dc1522
- SHA512
  
  41694c05606a8585e6fa8e4e5e0672c59ccc096be6dbf0184c4af0e03e145f98101d96d02e3f744f9710cb722906b2afb2b6f90851842cec9eb9912c32fc587c
Score

10^/10

redline install discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinstalldiscoveryinfostealerspyware

behavioral2

discoveryspyware

© 2018-2023

Terms | Privacy