redline | 0595057437ee037181e4886be7c1511e962ca5acf0117f5d2ff89430e927e2c8 | Triage

Submit
Reports

Overview

overview

Static

static

samples.rtf

windows7-x64

samples.rtf

windows10-2004-x64

1

Sharing

General

Target

3e4369969c86520f71fcca5caff0d2ee
Size

22KB
Sample

220922-2hwl2agdfn
MD5

3e4369969c86520f71fcca5caff0d2ee
SHA1

817acfb135f6283f2957f5ae74fd5821975cd06c
SHA256

0595057437ee037181e4886be7c1511e962ca5acf0117f5d2ff89430e927e2c8
SHA512

78e6d07999d6a47f75f0435238a4ee85065d79d1bcb1e9516b684c8e07e5452b9aa926789cf3560b358921d1759dbdb6a54beb027d53a93555f7cd082d644f92
SSDEEP

384:iEGmMYovA+BpQ2/UamwQvq2aTk2QEmXXm7BfeWuv:imRovqDsQn+feWuv

Score

10^/10

redline sirus discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

samples.rtf

Resource

win7-20220812-en

redline sirus discovery infostealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

samples.rtf

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sirus

C2

147.124.223.126:4444

Targets

- Target
  
  samples.doc
- Size
  
  15KB
- MD5
  
  dbae3a4ff8b3951aa2ff44102b81c11c
- SHA1
  
  7d6a187eef6f5b945731a8236c6d986ca506acd5
- SHA256
  
  2acf37ac90954e6867efa175fdaa73380735bc4104478d7f3d35beea43af6a3a
- SHA512
  
  74630c8534984ec5d1defdab1d8ccd697dc2980dbdb14858b75ac4add055672228effa0bcb24ea36d68bbc4df7dacb89290cc5d7e055ac380989f0e63de4e140
- SSDEEP
  
  192:XuIlMU3u6iCrJqTYPcM0ReohWtXsTdRgYdQpwbWRbtnn32+bUBm3Tt3C9e5PK:XuVg7iCrgUPUXgYupcWT/bnTpTi
Score

10^/10

redline sirus discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesirusdiscoveryinfostealer

behavioral2

© 2018-2024

Terms | Privacy