redline | 83086e445c0ee419e722fbadcee58be0bc0029aefa9beaa6ca618c0d04444237 | Triage

Submit
Reports

Overview

overview

Static

static

3

Nichiden V...on.exe

windows7-x64

Nichiden V...on.exe

windows10-2004-x64

Sharing

General

Target

1d1702af89bb5cc9e1ba10e87aaa0a4cc593a21e.zip
Size

43KB
Sample

240701-lcs1ysxarq
MD5

78201549f0476a8ff25d3cc1feac7aae
SHA1

64d7d6a229f5a4af3076d8756a9034f24c83816d
SHA256

83086e445c0ee419e722fbadcee58be0bc0029aefa9beaa6ca618c0d04444237
SHA512

f5afe9df789047f40ec20ba98a2fa3b0de416d5b467d9918b3ac57f59faf9bc15cf332addfd3cc94cb85cc2b2a936df13024c6fb22f68362d30509da8cea8e08
SSDEEP

768:9Ow7bHvETmNApGo11w5kCyJ2Y+OrE1Ab2CxAfagUBzN7rUaUFMwW:9HHv3AfwTyTRo1AiHagURRrUaUFMh

Score

10^/10

redline foz infostealer spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Nichiden Viet Nam - RFQ List & Specification.exe

Resource

win7-20240508-en

redline foz infostealer spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Nichiden Viet Nam - RFQ List & Specification.exe

Resource

win10v2004-20240611-en

redline foz infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

foz

C2

79.110.62.113:1912

Targets

- Target
  
  Nichiden Viet Nam - RFQ List & Specification.exe
- Size
  
  184KB
- MD5
  
  5a5469ff7562aa34384f44eee04643e1
- SHA1
  
  d894b3eb2d2cc3bcebfec296fbf5457cdd77a4b0
- SHA256
  
  64b9457cd80939e1e02d22607e1faae7787d60cc8ccff068f1b0ab2b2c1b8057
- SHA512
  
  51b9e53654e79a14e57e03200b38285f4218c62d68929cfecbeb02296386f2266edc324e619925d981de0e9285c2a5acbba1126dfa0d1d484e1627c438ce5aec
- SSDEEP
  
  1536:AfLsxO9kR8Bx09kANXrA32aF5D1osgrvzsVxI:xO9KUTF3LFx1osMveI
Score

10^/10

redline foz infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinefozinfostealerspyware

behavioral2

redlinefozinfostealerspyware

© 2018-2024

Terms | Privacy