redline | 6c8f0778c3e717db0505aa02c6d3b0cd0d25cf8d5210c5ab6aa389a927b855d7 | Triage

Submit
Reports

Overview

overview

Static

static

Document.p...df.scr

windows7-x64

Document.p...df.scr

windows10-2004-x64

Sharing

General

Target

Document.pdf.rar
Size

5.0MB
Sample

220722-edpatscda2
MD5

934800c7a05d7d01b95dae2e43629da9
SHA1

c75abbd12143d8a067b4f333c7ff434047217fee
SHA256

6c8f0778c3e717db0505aa02c6d3b0cd0d25cf8d5210c5ab6aa389a927b855d7
SHA512

28c5846eec64c7b2a183b6dabae3e563a739c794161ac95c00ac31f81b107c001dc25afb9b9a806847deb76221bd881a1e521a1c0ca54769824fe40cf94e5f24

Score

10^/10

redline 1 infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

Document.pdf/Document.pdf.scr

Resource

win7-20220718-en

redline 1 infostealer spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Document.pdf/Document.pdf.scr

Resource

win10v2004-20220721-en

redline 1 infostealer spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

62.204.41.139:25190

Attributes

auth_value
2c239ad7c28c8eab1f9626557bb9457a

Targets

- Target
  
  Document.pdf/Document.pdf.scr
- Size
  
  700.0MB
- MD5
  
  ea7b8236ca438995b2ee7604043fc20c
- SHA1
  
  4543d6fbe467c8a17b962e0c19a25fd59d82ded8
- SHA256
  
  954e35d28e5938766eb6922e08a4e26d5ed892a1578027374d945efbe0d927e3
- SHA512
  
  22a1173def10e7c74fbcef024127f87635a508044c4fbbfa2f4e32b05823b5fc9fa166645851dbaa32c926a735745ca727dc0183a72fd9f3cc222f9f07395a7a
Score

10^/10

redline 1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1infostealerspyware

behavioral2

redline1infostealerspyware

© 2018-2024

Terms | Privacy