General

  • Target: Document.rar
  • Size: 5.0MB
  • Sample: 220727-pw7j8sdhdl
  • MD5: 10e7fa9b1cdf6a901e170c900cdbbe91
  • SHA1: be29db7268140f9c2e9f3c390b60314f5f4e2f67
  • SHA256: 4d83ea2172cf708ac8ddde013f1fb26f0710cc327ec6c54ec44cd6f64eb01382
  • SHA512: b4b91fc16eae555aaaada04b9ef59e9a161e8d72ba89e9278f27684e0a6356c88a04a1426746888fc3133437e59077174ce5fb9d98f8e28e001f4ad2b723c150

Malware Config

Extracted

  • Family: redline
  • Botnet: 2
  • C2: 62.204.41.139:25190
  • Attributes
    • auth_value: f3af3290196bb8fa91c4ccc1d3fcb28f

Targets

    • Target: Document/Document.pdf.scr
    • Size: 700.0MB
    • MD5: 66313350525d00444319e42f88c9a320
    • SHA1: 5e54b8d600254f67fc03cad68a00a7f2a9d89b77
    • SHA256: 00770e297ae5fdcaa0f235de9bee97309553bc89c955c47141e21f6fabdd55c7
    • SHA512: a16611adba248ea831a4c25b6d0d46e20793f2f3500a13f29129414756c24ad209118b93e3b435e229e41ab92b01d52bfe31add86c0ed8b6e7469aafff594e2b
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (1)
  • Discovery: Query Registry, T1012 (1); System Information Discovery, T1082 (2)
  • Collection: Data from Local System, T1005 (1)