redline | 8c2bcfb8657193f893a95fac8d90cabad1b35ed4ed2402dc717523ef255b9e2e | Triage

Submit
Reports

Overview

overview

Static

static

eeb397bd85...d1.exe

windows7_x64

eeb397bd85...d1.exe

windows10_x64

Sharing

General

Target

eeb397bd859f7efb9e507c0878562cd1.exe
Size

995KB
Sample

210502-gt3ysvlywx
MD5

eeb397bd859f7efb9e507c0878562cd1
SHA1

f2933d4df487ff310ff6e755884f2baf14404f5b
SHA256

8c2bcfb8657193f893a95fac8d90cabad1b35ed4ed2402dc717523ef255b9e2e
SHA512

9c8e1567621e81535d921ac2a0fabb468d8d7aa83bb793851c9434a49e7f7b9d62d21bad9646220be241f9c9b67858dc99af9d1e09affe3753a2d2496598dacd

Score

10^/10

redline 2.05.111m discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

eeb397bd859f7efb9e507c0878562cd1.exe

Resource

win7v20210410

redline 2.05.111m discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

eeb397bd859f7efb9e507c0878562cd1.exe

Resource

win10v20210408

redline 2.05.111m discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

2.05.111M

C2

redworksite.info:80

Targets

- Target
  
  eeb397bd859f7efb9e507c0878562cd1.exe
- Size
  
  995KB
- MD5
  
  eeb397bd859f7efb9e507c0878562cd1
- SHA1
  
  f2933d4df487ff310ff6e755884f2baf14404f5b
- SHA256
  
  8c2bcfb8657193f893a95fac8d90cabad1b35ed4ed2402dc717523ef255b9e2e
- SHA512
  
  9c8e1567621e81535d921ac2a0fabb468d8d7aa83bb793851c9434a49e7f7b9d62d21bad9646220be241f9c9b67858dc99af9d1e09affe3753a2d2496598dacd
Score

10^/10

redline 2.05.111m discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline2.05.111mdiscoveryinfostealerspywarestealer

behavioral2

redline2.05.111mdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy