redline | 23318d0693ef4d2530719da58670c9ad00eddfaf18f50382bb3b55812e4f1a59 | Triage

Submit
Reports

Overview

overview

Static

static

P.O 2709_1.rtf

windows7-x64

P.O 2709_1.rtf

windows10-2004-x64

1

Sharing

General

Target

P.O 2709_1.doc
Size

11KB
Sample

220928-qk384sgaa2
MD5

a76a5beb83b71b2e1294d8489d7fbe41
SHA1

2a4e957643195550640ad7b954afd26391d40b12
SHA256

23318d0693ef4d2530719da58670c9ad00eddfaf18f50382bb3b55812e4f1a59
SHA512

496ca014303cbc13ae925cad93422c3bec54159a869a7f5cc8b5e4a33c564cad2b43cae398fd9eb228879ebe991ae54c0c7338effd6b7821cf54e995883e4350
SSDEEP

192:zNkjAI4TlUbrRi1uPjRKNS1zqdQtN40e3PHVsy898w3dFrlpRiFkK8Fmlq51T9:z4h4T2bQYrRRacBy898w3dBRIkDwg1h

Score

10^/10

redline sirus infostealer

Static task

static1

Behavioral task

behavioral1

Sample

P.O 2709_1.rtf

Resource

win7-20220812-en

redline sirus infostealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

P.O 2709_1.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sirus

C2

147.124.223.126:4444

Targets

- Target
  
  P.O 2709_1.doc
- Size
  
  11KB
- MD5
  
  a76a5beb83b71b2e1294d8489d7fbe41
- SHA1
  
  2a4e957643195550640ad7b954afd26391d40b12
- SHA256
  
  23318d0693ef4d2530719da58670c9ad00eddfaf18f50382bb3b55812e4f1a59
- SHA512
  
  496ca014303cbc13ae925cad93422c3bec54159a869a7f5cc8b5e4a33c564cad2b43cae398fd9eb228879ebe991ae54c0c7338effd6b7821cf54e995883e4350
- SSDEEP
  
  192:zNkjAI4TlUbrRi1uPjRKNS1zqdQtN40e3PHVsy898w3dFrlpRiFkK8Fmlq51T9:z4h4T2bQYrRRacBy898w3dBRIkDwg1h
Score

10^/10

redline sirus infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesirusinfostealer

behavioral2

© 2018-2024

Terms | Privacy