redline | 6a69706b050bfe1384d7a09c1e61b567171a71be82e43bf377b095762f28eee6 | Triage

Submit
Reports

Overview

overview

Static

static

samuelzx.exe

windows7-x64

samuelzx.exe

windows10-2004-x64

Sharing

General

Target

samuelzx.exe
Size

748KB
Sample

220920-jajcmaccd3
MD5

bc50206551400cd578d40ad82dc8acec
SHA1

91aef315ae4eb1b3b0bf351a7aed9e6b3ec6fcf0
SHA256

6a69706b050bfe1384d7a09c1e61b567171a71be82e43bf377b095762f28eee6
SHA512

110c7ebd538ae43b2b533187c8248ee107f8a4f373cf727f54241aa8d6e1934c257384d07f0fec19d278ba44ada1aed5b6eccf2615b60c8158e0c23a3bece984
SSDEEP

6144:8eWN4alYBW+vEdnUPjdjcqBEL+aH0rqmkkiXig9C+3gBhbVXp2sdC2OrSwRh3PtE:8Tyaicz2Pje4E/UrRTg9CjbL24mrl

Score

10^/10

redline sirus discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

samuelzx.exe

Resource

win7-20220901-en

redline sirus discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

samuelzx.exe

Resource

win10v2004-20220812-en

redline sirus discovery infostealer spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sirus

C2

147.124.223.126:4444

Targets

- Target
  
  samuelzx.exe
- Size
  
  748KB
- MD5
  
  bc50206551400cd578d40ad82dc8acec
- SHA1
  
  91aef315ae4eb1b3b0bf351a7aed9e6b3ec6fcf0
- SHA256
  
  6a69706b050bfe1384d7a09c1e61b567171a71be82e43bf377b095762f28eee6
- SHA512
  
  110c7ebd538ae43b2b533187c8248ee107f8a4f373cf727f54241aa8d6e1934c257384d07f0fec19d278ba44ada1aed5b6eccf2615b60c8158e0c23a3bece984
- SSDEEP
  
  6144:8eWN4alYBW+vEdnUPjdjcqBEL+aH0rqmkkiXig9C+3gBhbVXp2sdC2OrSwRh3PtE:8Tyaicz2Pje4E/UrRTg9CjbL24mrl
Score

10^/10

redline sirus discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesirusdiscoveryinfostealerspywarestealer

behavioral2

redlinesirusdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy