redline | 403d0422e6db9adbfc47a7056e3946737b7e76fe097c4c43d4906fe167a5e75a | Triage

Submit
Reports

Overview

overview

Static

static

1

GitHub.Installer.zip

windows10-2004-x64

Sharing

General

Target

GitHub.Installer.zip
Size

20.0MB
Sample

241123-y1zjvs1jgl
MD5

14871c98f75a900ac3b41c9091b0484d
SHA1

5849d6ab6cc59560a5857267953e98071bd3ae55
SHA256

403d0422e6db9adbfc47a7056e3946737b7e76fe097c4c43d4906fe167a5e75a
SHA512

7c3b8d3fac4357e03d68147dde1aebc0cd3253b31a592a5bb1fd94dd60b192d89961f9d4573e144e82d023b5945aafcee61955cea657d8aba959465610ade40e
SSDEEP

393216:dXz7pLcn49wQSjauUux6BjNNXfGNHaBso4ZiYj6ZvfQ89HbZ+:dXY4GQSjaPLjNNXO621TUf79HbZ+

Score

10^/10

redline @sentak88 discovery execution infostealer persistence

Static task

static1

Behavioral task

behavioral1

Sample

GitHub.Installer.zip

Resource

win10v2004-20241007-de

redline @sentak88 discovery execution infostealer persistence

windows10-2004-x64

32 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

@Sentak88

C2

45.15.156.167:80

Targets

- Target
  
  GitHub.Installer.zip
- Size
  
  20.0MB
- MD5
  
  14871c98f75a900ac3b41c9091b0484d
- SHA1
  
  5849d6ab6cc59560a5857267953e98071bd3ae55
- SHA256
  
  403d0422e6db9adbfc47a7056e3946737b7e76fe097c4c43d4906fe167a5e75a
- SHA512
  
  7c3b8d3fac4357e03d68147dde1aebc0cd3253b31a592a5bb1fd94dd60b192d89961f9d4573e144e82d023b5945aafcee61955cea657d8aba959465610ade40e
- SSDEEP
  
  393216:dXz7pLcn49wQSjauUux6BjNNXfGNHaBso4ZiYj6ZvfQ89HbZ+:dXY4GQSjaPLjNNXO621TUf79HbZ+
Score

10^/10

redline @sentak88 discovery execution infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@sentak88discoveryexecutioninfostealerpersistence

© 2018-2024

Terms | Privacy