redline | c960de5473e43c6b809237b17c6e13fad2fb45000d54d76374c58f53d843201c | Triage

Sharing

General

Target

Рекламный материал Компании HYPERPC.zip
Size

6.0MB
Sample

230119-m22vtscf8w
MD5

f706d16467388fdb00f171153a89c6f9
SHA1

e4af1a628cfbe9524e1d40498d9ee25bbaa2b1ef
SHA256

c960de5473e43c6b809237b17c6e13fad2fb45000d54d76374c58f53d843201c
SHA512

c0a146ae5a5a3d780b7c86e056f2e90e35efb86a40529e0dfe7d5442e27f2122f4fd15c4271f27bdfe4aecd6cf41094c2727173f134dac76207b71af5a46c719
SSDEEP

98304:atcJ4atrTBIYmOj9tClviBV7IkmNqHNYrOaL6e6szsJDUffMxPUyCp6XRz:S446PBJ19tQqT7IkmNqOOaJeKkPUyCpU

Score

10^/10

redline 22 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

22

C2

79.137.207.219:12330

Attributes

auth_value
046141cdf8f5a195f9586269e3d314af

Targets

- Target
  
  Рекламная презентация компании HYPERPC 09.exe
- Size
  
  268KB
- MD5
  
  926ac40c006e128c7af5add381c27988
- SHA1
  
  67313c1d660c18ae026f9ba090728bd5966874ae
- SHA256
  
  ec4200110ffb0a4c4cfd68900da46a5fbfb5971f9109954235cfec7e699f15f7
- SHA512
  
  4f79403494687fa3df44c3d18d82e1008aeab963b4fb81cd5b629afce90051ea91f1e38c8ddce994ba04663e55d17c37ae3a828b851efde5397d63d4cff93300
- SSDEEP
  
  6144:K6FhdUkNVQss50jrZnt9NG3QX30klHI1IPP:pj1tbGAHfFI1q
Score

10^/10

redline 22 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  Рекламная презентация компании HYPERPC 1,09 .scr
- Size
  
  268KB
- MD5
  
  926ac40c006e128c7af5add381c27988
- SHA1
  
  67313c1d660c18ae026f9ba090728bd5966874ae
- SHA256
  
  ec4200110ffb0a4c4cfd68900da46a5fbfb5971f9109954235cfec7e699f15f7
- SHA512
  
  4f79403494687fa3df44c3d18d82e1008aeab963b4fb81cd5b629afce90051ea91f1e38c8ddce994ba04663e55d17c37ae3a828b851efde5397d63d4cff93300
- SSDEEP
  
  6144:K6FhdUkNVQss50jrZnt9NG3QX30klHI1IPP:pj1tbGAHfFI1q
Score

10^/10

redline 22 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline22infostealerspyware

behavioral2

redline22infostealerspyware