redline | 50c4600abe6b9a01aa19a65d6525b0507f943271df564bd7e019e3b5ffa98274 | Triage

Submit
Reports

Overview

overview

Static

static

Document.pdf.scr

windows7-x64

Document.pdf.scr

windows10-2004-x64

Sharing

General

Target

Document.pdf.scr
Size

700.0MB
Sample

220804-2zckgsdbek
MD5

2b2400b8f0d578e12b79193ad0ca4de9
SHA1

f9d9f1cdb93a0344e71692260d04d5f2f820d7d5
SHA256

50c4600abe6b9a01aa19a65d6525b0507f943271df564bd7e019e3b5ffa98274
SHA512

6b1b6608476f339ea3ba37b02178a606b51759e4e27e838680c5dc95c5d3e30d712e4dede45c15e9e2b8adbdaea4ae11de9be33b843d0b5aeca4c89fa38565b6

Score

10^/10

redline 4 infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

Document.pdf.scr

Resource

win7-20220715-en

redline 4 infostealer spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Document.pdf.scr

Resource

win10v2004-20220721-en

redline 4 infostealer spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

4

C2

62.204.41.139:25190

Attributes

auth_value
e3f1c684b72f36028881fd28e808729c

Targets

- Target
  
  Document.pdf.scr
- Size
  
  700.0MB
- MD5
  
  2b2400b8f0d578e12b79193ad0ca4de9
- SHA1
  
  f9d9f1cdb93a0344e71692260d04d5f2f820d7d5
- SHA256
  
  50c4600abe6b9a01aa19a65d6525b0507f943271df564bd7e019e3b5ffa98274
- SHA512
  
  6b1b6608476f339ea3ba37b02178a606b51759e4e27e838680c5dc95c5d3e30d712e4dede45c15e9e2b8adbdaea4ae11de9be33b843d0b5aeca4c89fa38565b6
Score

10^/10

redline 4 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline4infostealerspyware

behavioral2

redline4infostealerspyware

© 2018-2024

Terms | Privacy