redline | d5d480f5fd4ba0abaed160c260a16591f344a30b9ef6d7b9bea55ea919e33764 | Triage

Submit
Reports

Overview

overview

Static

static

Details.rtf

windows7-x64

Details.rtf

windows10-2004-x64

1

Sharing

General

Target

Details.doc
Size

17KB
Sample

220920-h6n3bafhap
MD5

2900a793fe9b95f5f8172eb5b6dccc61
SHA1

51062814c582c057b18c6a47d1a496c1214ebd81
SHA256

d5d480f5fd4ba0abaed160c260a16591f344a30b9ef6d7b9bea55ea919e33764
SHA512

dbe38c2f79d5c177b7d1b8765d547d4e3cfd3f7933ff0cad0dd85a870cefd427ff43896eca1544968e48e2f36615f2c0492fe19c3ee77aa782c064977ba7ffbd
SSDEEP

192:oHQbxxLN7g0hMFhcihOsC2hOEgkFh55Uo2CfNEn+wbpPSovPL9JI7FO:omxHTfks1CfinvBXLk7FO

Score

10^/10

redline sirus discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Details.rtf

Resource

win7-20220812-en

redline sirus discovery infostealer spyware stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

Details.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sirus

C2

147.124.223.126:4444

Targets

- Target
  
  Details.doc
- Size
  
  17KB
- MD5
  
  2900a793fe9b95f5f8172eb5b6dccc61
- SHA1
  
  51062814c582c057b18c6a47d1a496c1214ebd81
- SHA256
  
  d5d480f5fd4ba0abaed160c260a16591f344a30b9ef6d7b9bea55ea919e33764
- SHA512
  
  dbe38c2f79d5c177b7d1b8765d547d4e3cfd3f7933ff0cad0dd85a870cefd427ff43896eca1544968e48e2f36615f2c0492fe19c3ee77aa782c064977ba7ffbd
- SSDEEP
  
  192:oHQbxxLN7g0hMFhcihOsC2hOEgkFh55Uo2CfNEn+wbpPSovPL9JI7FO:omxHTfks1CfinvBXLk7FO
Score

10^/10

redline sirus discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesirusdiscoveryinfostealerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy