redline

General

Target

redacted.jpg.zip
Size

1007KB
Sample

220909-mqldpsfhd8
MD5

1853d743a3ec59cec0e520bffefc1b9f
SHA1

f2e10461d3e0b76c0e0b82ae1d9fd6d706c660b7
SHA256

eba2a259c218ff825fed47dcab8f902340abc3b73f9d69eb94f74911005d9e5e
SHA512

7ba1ce7fdc25e62b001f1ac41746f049b1caf9f7b41cc97ec57a35e9a915c449290a464f80afdf65903ba003cca96adbbf3dd367bf35a8b0e573520ece3b1f98
SSDEEP

3072:Big0pfJPF+7pxVqrZPxpRcPFpdBpKtEgCy/XWCkqnWgA+IS21IOZ:BidB2x86PEv/XQP++XZ

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

08-09-2022

C2

212.162.153.140:3710

Attributes

auth_value
9dceadc00edb791e53b479021774f4c6

Targets

- Target
  
  redacted.jpg.scr
- Size
  
  700.0MB
- MD5
  
  272f96f8b005dab844b267860ce3082d
- SHA1
  
  0ed1e76aaf1adff201a1ac2a63d8ede09a7b98bd
- SHA256
  
  ed76dd6460c93d09238b4d858e977daa442cf2949c4883865490d9b2c12567c9
- SHA512
  
  ea929a1a3c70f8a087eb0f974358ecb4e48c2836697be04b574ae69b582623d3322e7f79bda951a9c2eb7bd6dd28591e24f5fa856557bf973442eb7c947fe53f
- SSDEEP
  
  6144:tojroPa0Cy0YLcZtXC/m3fqvHUkxChx48RLwJ:toYKyFgZ/3fhkxChx4f
Score

10^/10

redline 08-09-2022 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

.NET Reactor proctector

Checks computer location settings

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2