redline | 1f22ccc2ea38b1e6134ba8d90f5bf890b921689f97f8aefbfa7b6a96dd774940 | Triage

Sharing

General

Target

jre-8u351-windows.exe
Size

677.7MB
Sample

221123-bj98psaf51
MD5

fb437fbaea26872ddc2b2d6cc9c99b7e
SHA1

94e4dfee270b2a9a3d7922e62d864cf14815fc42
SHA256

1f22ccc2ea38b1e6134ba8d90f5bf890b921689f97f8aefbfa7b6a96dd774940
SHA512

aab970cec7da9e163b0e80bb3d5a4fd774879f664d510a9b7c1f54eab01191e24076a6f3afc3c9e122ba5179cbb6d4d6b4971ec4cd7906cb8c6813fb34b59567
SSDEEP

3072:kahKyd2n31j95tgZ6uuPFWQyKKKK3BbddJL:kahON4YPFaJ

Score

10^/10

redline 22 discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

22

C2

194.62.42.182:9697

Attributes

auth_value
f346b477bf47eb4a5121a5288e53a759

Targets

- Target
  
  jre-8u351-windows.exe
- Size
  
  677.7MB
- MD5
  
  fb437fbaea26872ddc2b2d6cc9c99b7e
- SHA1
  
  94e4dfee270b2a9a3d7922e62d864cf14815fc42
- SHA256
  
  1f22ccc2ea38b1e6134ba8d90f5bf890b921689f97f8aefbfa7b6a96dd774940
- SHA512
  
  aab970cec7da9e163b0e80bb3d5a4fd774879f664d510a9b7c1f54eab01191e24076a6f3afc3c9e122ba5179cbb6d4d6b4971ec4cd7906cb8c6813fb34b59567
- SSDEEP
  
  3072:kahKyd2n31j95tgZ6uuPFWQyKKKK3BbddJL:kahON4YPFaJ
Score

10^/10

persistence redline 22 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redline22discoveryinfostealerpersistencespywarestealer