redline | 0daaaef52dafd8b083e482b61ba2745e7df7f2e99aac69bfe0d6b5f8be131aae | Triage

Submit
Reports

Overview

overview

Static

static

0daaaef52d...c6.exe

windows7_x64

0daaaef52d...c6.exe

windows10_x64

Sharing

General

Target

0daaaef52dafd8b083e482b61ba2745e7df7f2e99aac6.exe
Size

1.2MB
Sample

210422-qv9wgs2jes
MD5

911a56e447cd36e0bdeaa395279f55d2
SHA1

588dafaf8588dbb7ed813da657b754a40d16876d
SHA256

0daaaef52dafd8b083e482b61ba2745e7df7f2e99aac69bfe0d6b5f8be131aae
SHA512

0a5098784c5f28b1664941c55441b38dab599b97595468ce45afc8805e5eb9c7a2f2fbdbddeeac631810d7ec80086a84deae8650227585362721404789b84dc0

Score

10^/10

redline discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0daaaef52dafd8b083e482b61ba2745e7df7f2e99aac6.exe

Resource

win7v20210410

redline discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0daaaef52dafd8b083e482b61ba2745e7df7f2e99aac6.exe

Resource

win10v20210408

redline discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

farvelaxha.xyz:80

Targets

- Target
  
  0daaaef52dafd8b083e482b61ba2745e7df7f2e99aac6.exe
- Size
  
  1.2MB
- MD5
  
  911a56e447cd36e0bdeaa395279f55d2
- SHA1
  
  588dafaf8588dbb7ed813da657b754a40d16876d
- SHA256
  
  0daaaef52dafd8b083e482b61ba2745e7df7f2e99aac69bfe0d6b5f8be131aae
- SHA512
  
  0a5098784c5f28b1664941c55441b38dab599b97595468ce45afc8805e5eb9c7a2f2fbdbddeeac631810d7ec80086a84deae8650227585362721404789b84dc0
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy