redline | 817eb88f299a32c9937d45886b978c2fcee619c756d4daf33af39604432064f0 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...24.exe

windows7-x64

1

SecuriteIn...24.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.W32.AIDetectNet.01.7624.22952
Size

1.0MB
Sample

220808-d3mb4acebq
MD5

a80a2a5f4aaee7c7df7f01ca7a919080
SHA1

17dc830d904c56709e910c193be53927b2783516
SHA256

817eb88f299a32c9937d45886b978c2fcee619c756d4daf33af39604432064f0
SHA512

ff5f2808d8252a707c8e7b11a67290d0dac0a6e2d45a717c02384a6240b74e4910bc8497349589c1813122f0c8e49b49dc8a9653b1e9d06b8c970e46aa81e751

Score

10^/10

redline warzonerat iyke infostealer rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.W32.AIDetectNet.01.7624.exe

Resource

win7-20220718-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.W32.AIDetectNet.01.7624.exe

Resource

win10v2004-20220721-en

redline warzonerat iyke infostealer rat

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

76.8.53.133:1198

Extracted

Family

redline

Botnet

IYKE

C2

76.8.53.133:30308

Targets

- Target
  
  SecuriteInfo.com.W32.AIDetectNet.01.7624.22952
- Size
  
  1.0MB
- MD5
  
  a80a2a5f4aaee7c7df7f01ca7a919080
- SHA1
  
  17dc830d904c56709e910c193be53927b2783516
- SHA256
  
  817eb88f299a32c9937d45886b978c2fcee619c756d4daf33af39604432064f0
- SHA512
  
  ff5f2808d8252a707c8e7b11a67290d0dac0a6e2d45a717c02384a6240b74e4910bc8497349589c1813122f0c8e49b49dc8a9653b1e9d06b8c970e46aa81e751
Score

10^/10

redline warzonerat iyke infostealer rat
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinewarzoneratiykeinfostealerrat

© 2018-2024

Terms | Privacy