redline | 50baaf40c3cc650cc05a0cc0e2e71f33ca6b2287a1ec92010815a8e36444e2e9 | Triage

Submit
Reports

Overview

overview

Static

static

Document.pdf.rar

windows7-x64

3

Document.pdf.rar

windows10-2004-x64

Resubmissions

03-08-2022 08:56

220803-kv6jbsader 10

03-08-2022 08:54

220803-kt3faahcg8 3

02-08-2022 09:58

220802-lzp8kseggk 1

Sharing

General

Target

Document-fWBiK242.zip
Size

5.3MB
Sample

220803-kv6jbsader
MD5

08e527e553fe6948762eca8bf1d09542
SHA1

04555430360f5f5754faf29a8d3d4c1bf53c1b06
SHA256

50baaf40c3cc650cc05a0cc0e2e71f33ca6b2287a1ec92010815a8e36444e2e9
SHA512

7ceeca9c0568a06289cfc6ff5b3afd02eb4335e8380615828853076b516f67c9de8d4c9762a58e5bfafbd652bbdd0f07687d3eaf4ae370138d1968a1f5f776d5

Score

10^/10

redline 4 infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

Document.pdf.rar

Resource

win7-20220715-en

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

Document.pdf.rar

Resource

win10v2004-20220721-en

redline 4 infostealer spyware

windows10-2004-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

4

C2

62.204.41.139:25190

Attributes

auth_value
e3f1c684b72f36028881fd28e808729c

Targets

- Target
  
  Document.pdf.rar
- Size
  
  5.3MB
- MD5
  
  f8e8cdb2cd4103704a87a385c296f84d
- SHA1
  
  8d753065e0822129cb264b63c857c81719ff6959
- SHA256
  
  824f65eaa8527b7e2000fc874bf7ecc578a2e6585b6ac5e05bb56d3b45fec477
- SHA512
  
  b92bc18b1582f33a9f0b4f37fdee5d7d52c811c7eda7e7a4757210a2ee43f4444a01426730ec1b47ad07ad0172bd8162efb6161312903fb0c45fcd49cd914d19
Score

10^/10

redline 4 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redline4infostealerspyware

© 2018-2024

Terms | Privacy