redline | 55fa30deba49d1278145e3ab083182e50146fdc55643c54d3126a7b8a76c0684 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

3

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

638KB
Sample

221216-gjkkyaeb95
MD5

fcee7bf402dedeaf3fcf18a52a56d75b
SHA1

f99c8a99be241fc82c06c2c0155bee4ce26e2e5e
SHA256

55fa30deba49d1278145e3ab083182e50146fdc55643c54d3126a7b8a76c0684
SHA512

0bac4d1f9e3c7d6ba58a4370a59a233506a6565debc81148a40a743188902abbc1e6e822c45a1cf5267f3e3227d913689fdd76bc3d812598b928fcd835c84c68
SSDEEP

12288:UPw4kbHpG72xQBtEOwhnG+ChQKyRHZVuTlnCAEPXemyHLH+:h1JG7ShnGQHZVuTgXu5D+

Score

10^/10

redline spoofer discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220812-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20221111-en

redline spoofer discovery infostealer spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

SPOOFER

C2

20.197.226.40:32619

Targets

- Target
  
  tmp
- Size
  
  638KB
- MD5
  
  fcee7bf402dedeaf3fcf18a52a56d75b
- SHA1
  
  f99c8a99be241fc82c06c2c0155bee4ce26e2e5e
- SHA256
  
  55fa30deba49d1278145e3ab083182e50146fdc55643c54d3126a7b8a76c0684
- SHA512
  
  0bac4d1f9e3c7d6ba58a4370a59a233506a6565debc81148a40a743188902abbc1e6e822c45a1cf5267f3e3227d913689fdd76bc3d812598b928fcd835c84c68
- SSDEEP
  
  12288:UPw4kbHpG72xQBtEOwhnG+ChQKyRHZVuTlnCAEPXemyHLH+:h1JG7ShnGQHZVuTgXu5D+
Score

10^/10

redline spoofer discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinespooferdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy