redline | 3e6479c74ad0c9615983f1fd6e51a6efeb566277e11065c6dfac24579fefd80c | Triage

Submit
Reports

Overview

overview

Static

static

3

Doge.exe

windows7-x64

Doge.exe

windows10-2004-x64

Sharing

General

Target

Doge.exe
Size

1021KB
Sample

230519-x436saad4s
MD5

2755ef8b6d8631ea86b218719860e29b
SHA1

38e7bf4e848475b6c7542b01f29e2cd82ad6ae89
SHA256

3e6479c74ad0c9615983f1fd6e51a6efeb566277e11065c6dfac24579fefd80c
SHA512

c3c2ccfda0f0885bd0f37fc31021a164737978130254ac7e1a80590cd0cff300fee8de9a8309d2dfbdfb8d941ac92bd40bba5dcfb58cbd5f77bdc8bd1519d829
SSDEEP

12288:+MrLy90j0CSp/Bhw1XsY2GUrLToxYFyRCD9qCM+jH1wVWB38iY+QQ2lod8HlY0Cy:VyBjg0G9+wCEIJ8ic1FqqIxSfj

Score

10^/10

redline luper discovery evasion infostealer persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Doge.exe

Resource

win7-20230220-en

redline luper discovery evasion infostealer persistence spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Doge.exe

Resource

win10v2004-20230221-en

redline luper discovery evasion infostealer persistence spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

luper

C2

77.91.68.253:19065

Attributes

auth_value
474f8e2f629b7bc1a8c7ea1dc39ca043

Targets

- Target
  
  Doge.exe
- Size
  
  1021KB
- MD5
  
  2755ef8b6d8631ea86b218719860e29b
- SHA1
  
  38e7bf4e848475b6c7542b01f29e2cd82ad6ae89
- SHA256
  
  3e6479c74ad0c9615983f1fd6e51a6efeb566277e11065c6dfac24579fefd80c
- SHA512
  
  c3c2ccfda0f0885bd0f37fc31021a164737978130254ac7e1a80590cd0cff300fee8de9a8309d2dfbdfb8d941ac92bd40bba5dcfb58cbd5f77bdc8bd1519d829
- SSDEEP
  
  12288:+MrLy90j0CSp/Bhw1XsY2GUrLToxYFyRCD9qCM+jH1wVWB38iY+QQ2lod8HlY0Cy:VyBjg0G9+wCEIJ8ic1FqqIxSfj
Score

10^/10

redline luper discovery evasion infostealer persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineluperdiscoveryevasioninfostealerpersistencespywarestealertrojan

behavioral2

redlineluperdiscoveryevasioninfostealerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy