redline | 299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84
Size

353KB
Sample

230605-lwjavsfg74
MD5

a3d79b9863f5a98814552b1e39e3cf20
SHA1

fba3cbe828ee47e92b20f11a79047c9a67a6d314
SHA256

299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84
SHA512

8494b667d3f5581e9fcf001f6106b28d077a50e6fdb9bf62b2474cf7c59b05a696ea6294884f9c18a912058d15254db0be077d43f400d1cba66ea90d92a6586a
SSDEEP

6144:y2sdlrA77AwnG7rFvvLgRLnpPwbxopSJwSRoiuWb:yy77Aw2dCbpPGZJbB

Score

10^/10

redline @chicago microsoft infostealer phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84.exe

Resource

win10-20230220-en

redline @chicago microsoft infostealer phishing

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Chicago

C2

185.81.68.115:2920

Attributes

auth_value
624a75e46c4217bc2cafb7758d1978d9

Targets

- Target
  
  299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84
- Size
  
  353KB
- MD5
  
  a3d79b9863f5a98814552b1e39e3cf20
- SHA1
  
  fba3cbe828ee47e92b20f11a79047c9a67a6d314
- SHA256
  
  299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84
- SHA512
  
  8494b667d3f5581e9fcf001f6106b28d077a50e6fdb9bf62b2474cf7c59b05a696ea6294884f9c18a912058d15254db0be077d43f400d1cba66ea90d92a6586a
- SSDEEP
  
  6144:y2sdlrA77AwnG7rFvvLgRLnpPwbxopSJwSRoiuWb:yy77Aw2dCbpPGZJbB
Score

10^/10

redline @chicago microsoft infostealer phishing
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@chicagomicrosoftinfostealerphishing

© 2018-2024

Terms | Privacy