redline | b4781474596c183da5b10c22ce2260c802ef4f553ed347f4813ad30cab0d56e2 | Triage

Resubmissions

05-07-2022 21:03

220705-zwf3dsdaaq 10

05-07-2022 20:51

220705-zm678achbm 10

Sharing

General

Target

b4781474596c183da5b10c22ce2260c802ef4f553ed347f4813ad30cab0d56e2
Size

770.0MB
Sample

220705-zm678achbm
MD5

a5a83474450554b7da04587cf77f76ec
SHA1

a8a579d8a66f4875df9cbed1a2a6c3392b232853
SHA256

b4781474596c183da5b10c22ce2260c802ef4f553ed347f4813ad30cab0d56e2
SHA512

db5c11cab72ccd89de9982c1dd5488e608195f795c5118f31160dab4a01c86d439ca9ddb37212647c38e0eac4d6394d3e47fe9c1e340f1f4cf95856e54624ee5

Score

10^/10

redline word 7 infostealer persistence spyware

Malware Config

Extracted

Family

redline

Botnet

word 7

C2

65.21.74.139:20775

Attributes

auth_value
fc283e807b7b9afa9b29c1b782aad551

Targets

- Target
  
  b4781474596c183da5b10c22ce2260c802ef4f553ed347f4813ad30cab0d56e2
- Size
  
  770.0MB
- MD5
  
  a5a83474450554b7da04587cf77f76ec
- SHA1
  
  a8a579d8a66f4875df9cbed1a2a6c3392b232853
- SHA256
  
  b4781474596c183da5b10c22ce2260c802ef4f553ed347f4813ad30cab0d56e2
- SHA512
  
  db5c11cab72ccd89de9982c1dd5488e608195f795c5118f31160dab4a01c86d439ca9ddb37212647c38e0eac4d6394d3e47fe9c1e340f1f4cf95856e54624ee5
Score

10^/10

redline word 7 infostealer spyware persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineword 7infostealerspyware

behavioral2

redlineword 7infostealerpersistencespyware