redline | 7efbff752d4cb0acb63da3f0d9cfc1aea1c8b825c59f4b76f002e0d0206e65c9 | Triage

Submit
Reports

Overview

overview

Static

static

7

7efbff752d...c9.exe

windows7_x64

7efbff752d...c9.exe

windows10-2004_x64

Sharing

General

Target

7efbff752d4cb0acb63da3f0d9cfc1aea1c8b825c59f4b76f002e0d0206e65c9
Size

4.8MB
Sample

220622-nhndrschgm
MD5

2e4647f90895a572202a2f89d4479701
SHA1

74b32ddf657b8a1d5043217a93ed77a18ad60fa6
SHA256

7efbff752d4cb0acb63da3f0d9cfc1aea1c8b825c59f4b76f002e0d0206e65c9
SHA512

f2245058cef639c8f894427a064d6d33eca5124fbe14d982e76d46a4220398fecb36da55f30163a60abe3466f263b1a1fe85c0b3c0aa89719a312145e6246fd4

Score

10^/10

redline @whizzkid1 discovery evasion infostealer spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

7efbff752d4cb0acb63da3f0d9cfc1aea1c8b825c59f4b76f002e0d0206e65c9.exe

Resource

win7-20220414-en

redline @whizzkid1 discovery evasion infostealer spyware stealer themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7efbff752d4cb0acb63da3f0d9cfc1aea1c8b825c59f4b76f002e0d0206e65c9.exe

Resource

win10v2004-20220414-en

redline @whizzkid1 discovery evasion infostealer spyware stealer themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@whizzkid1

C2

185.215.113.83:60722

Attributes

auth_value
ff9f6167737e6e2ab682ab9de72ded7d

Targets

- Target
  
  7efbff752d4cb0acb63da3f0d9cfc1aea1c8b825c59f4b76f002e0d0206e65c9
- Size
  
  4.8MB
- MD5
  
  2e4647f90895a572202a2f89d4479701
- SHA1
  
  74b32ddf657b8a1d5043217a93ed77a18ad60fa6
- SHA256
  
  7efbff752d4cb0acb63da3f0d9cfc1aea1c8b825c59f4b76f002e0d0206e65c9
- SHA512
  
  f2245058cef639c8f894427a064d6d33eca5124fbe14d982e76d46a4220398fecb36da55f30163a60abe3466f263b1a1fe85c0b3c0aa89719a312145e6246fd4
Score

10^/10

redline @whizzkid1 discovery evasion infostealer spyware stealer themida trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@whizzkid1discoveryevasioninfostealerspywarestealerthemidatrojan

behavioral2

redline@whizzkid1discoveryevasioninfostealerspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy