redline | 38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981 | Triage

Submit
Reports

Overview

overview

Static

static

1

piggy.png

windows7-x64

3

piggy.png

windows10-2004-x64

Resubmissions

02-07-2024 23:48

240702-3tl3eawdpf 10

02-07-2024 23:39

240702-3nl58awbkg 10

02-07-2024 23:36

240702-3lzzaszekr 6

02-07-2024 06:39

240702-heslesvapn 10

02-07-2024 06:28

240702-g8c76atgjr 10

02-07-2024 06:22

240702-g4z65azepb 6

02-07-2024 06:05

240702-gs9leszbja 6

02-07-2024 06:00

240702-gqde7szaje 8

Sharing

General

Target

piggy.png
Size

1.3MB
Sample

240702-heslesvapn
MD5

db441b970d8b070324fad09acb7ca77f
SHA1

d71a69ffc7c67b2bc338d809b2a7933d1139638a
SHA256

38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981
SHA512

49b8b422831afec6f9600f9ee03b6ff237abf548ffecb607a38992ae72c6d27820e980e79217c784b13b6df70d56482b26a06f058bb00a326e1564f7fcb1b55d
SSDEEP

24576:bNkiU39wq+8/EV7QXZyP2wWYMmxtJMdhBgf0n1BcFvnbz:bNV09wq+gECnGfJ0Bu0n1OZP

Score

10^/10

redline wannacry 5195552529 aspackv2 discovery execution infostealer ransomware spyware stealer worm

Static task

static1

Behavioral task

behavioral1

Sample

piggy.png

Resource

win7-20240221-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral2

Sample

piggy.png

Resource

win10v2004-20240611-en

redline wannacry 5195552529 aspackv2 discovery execution infostealer ransomware spyware stealer worm

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Extracted

Family

redline

Botnet

5195552529

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

- Target
  
  piggy.png
- Size
  
  1.3MB
- MD5
  
  db441b970d8b070324fad09acb7ca77f
- SHA1
  
  d71a69ffc7c67b2bc338d809b2a7933d1139638a
- SHA256
  
  38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981
- SHA512
  
  49b8b422831afec6f9600f9ee03b6ff237abf548ffecb607a38992ae72c6d27820e980e79217c784b13b6df70d56482b26a06f058bb00a326e1564f7fcb1b55d
- SSDEEP
  
  24576:bNkiU39wq+8/EV7QXZyP2wWYMmxtJMdhBgf0n1BcFvnbz:bNV09wq+gECnGfJ0Bu0n1OZP
Score

10^/10

redline wannacry 5195552529 aspackv2 discovery execution infostealer ransomware spyware stealer worm
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlinewannacry5195552529aspackv2discoveryexecutioninfostealerransomwarespywarestealerworm

© 2018-2024

Terms | Privacy