redline | 801e8af2f94a4b713c6d137eaa2c604b31b238038a6ffd6d7543b0089cc88ab9 | Triage

Submit
Reports

Overview

overview

Static

static

Document.pdf.scr.exe

windows10-1703-x64

Sharing

General

Target

Document.pdf.scr.bin
Size

2.1MB
Sample

220725-h5e31sbae6
MD5

93dd6479d9333cac3202b3ea9502a07c
SHA1

27ba3ddc97cb409b9d9b7c61dfb442c1c4655bee
SHA256

801e8af2f94a4b713c6d137eaa2c604b31b238038a6ffd6d7543b0089cc88ab9
SHA512

948f9a6ce1a02437263b2a6ad332e7a3c5e751776c9fe455b0aa605ac99dd87611b4a1386c4ba908d65455fa012228f99ba4a2501956afb8cc7ceaa03475f7e9

Score

10^/10

redline 1 infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

Document.pdf.scr.exe

Resource

win10-20220718-en

redline 1 infostealer spyware

windows10-1703-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

62.204.41.139:25190

Attributes

auth_value
2c239ad7c28c8eab1f9626557bb9457a

Targets

- Target
  
  Document.pdf.scr.bin
- Size
  
  2.1MB
- MD5
  
  93dd6479d9333cac3202b3ea9502a07c
- SHA1
  
  27ba3ddc97cb409b9d9b7c61dfb442c1c4655bee
- SHA256
  
  801e8af2f94a4b713c6d137eaa2c604b31b238038a6ffd6d7543b0089cc88ab9
- SHA512
  
  948f9a6ce1a02437263b2a6ad332e7a3c5e751776c9fe455b0aa605ac99dd87611b4a1386c4ba908d65455fa012228f99ba4a2501956afb8cc7ceaa03475f7e9
Score

10^/10

redline 1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline1infostealerspyware

© 2018-2024

Terms | Privacy