Overview

overview

10

Static

static

Document.pdf.scr

windows7-x64

10

Document.pdf.scr

windows10-1703-x64

10

Document.pdf.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Document.pdf.scr

  • Size

    700.0MB

  • Sample

    220725-m2e13ahda4

  • MD5

    ea7b8236ca438995b2ee7604043fc20c

  • SHA1

    4543d6fbe467c8a17b962e0c19a25fd59d82ded8

  • SHA256

    954e35d28e5938766eb6922e08a4e26d5ed892a1578027374d945efbe0d927e3

  • SHA512

    22a1173def10e7c74fbcef024127f87635a508044c4fbbfa2f4e32b05823b5fc9fa166645851dbaa32c926a735745ca727dc0183a72fd9f3cc222f9f07395a7a

Score
10/10
redline1infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

1

C2

62.204.41.139:25190

Attributes
  • auth_value

    2c239ad7c28c8eab1f9626557bb9457a

Targets

    • Target

      Document.pdf.scr

    • Size

      700.0MB

    • MD5

      ea7b8236ca438995b2ee7604043fc20c

    • SHA1

      4543d6fbe467c8a17b962e0c19a25fd59d82ded8

    • SHA256

      954e35d28e5938766eb6922e08a4e26d5ed892a1578027374d945efbe0d927e3

    • SHA512

      22a1173def10e7c74fbcef024127f87635a508044c4fbbfa2f4e32b05823b5fc9fa166645851dbaa32c926a735745ca727dc0183a72fd9f3cc222f9f07395a7a

    Score
    10/10
    redline1infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks