redline | 8c20d5beb112952d19593b2432d11e3022e69fb5e26ef160ff61b5613760b998 | Triage

Submit
Reports

Overview

overview

Static

static

24dc9485b3...03.exe

windows7_x64

24dc9485b3...03.exe

windows10_x64

Sharing

General

Target

24dc9485b3fcea21dc81118d045d6bd13ca40f04dcc905662b70f4ed5754f003.zip
Size

153KB
Sample

210520-qp6rcgd7ja
MD5

a4b08c79caba24ba5324674c50cdf3dc
SHA1

e09ec6694b34b068984725db4624b6a104f2553e
SHA256

8c20d5beb112952d19593b2432d11e3022e69fb5e26ef160ff61b5613760b998
SHA512

b8aea9bf1206c520e053a9cbed09ec4732eb96c61e8458aca4c25cfec7fdd8fc88f696dbe78f74cff3a5f07c6570433353c4772e05eb0dbfdf80f8d0ff863516

Score

10^/10

redline kreator discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

24dc9485b3fcea21dc81118d045d6bd13ca40f04dcc905662b70f4ed5754f003.exe

Resource

win7v20210410

redline kreator discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

24dc9485b3fcea21dc81118d045d6bd13ca40f04dcc905662b70f4ed5754f003.exe

Resource

win10v20210410

redline kreator discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

KREATOR

C2

45.140.146.214:20498

Targets

- Target
  
  24dc9485b3fcea21dc81118d045d6bd13ca40f04dcc905662b70f4ed5754f003
- Size
  
  569KB
- MD5
  
  4842156a83bbc8f5b1b46b0e2a597ab4
- SHA1
  
  bdda0f367bf93fa75e2bf4b632daab8b615c9c69
- SHA256
  
  24dc9485b3fcea21dc81118d045d6bd13ca40f04dcc905662b70f4ed5754f003
- SHA512
  
  f0fe9c63fc8fd1333297b76f7f0ed414535ffb4f8ab96906c8207840bf63688d8b6e0de8053e7882eeb616ddf83c8021d5940adc9fcba4e8fd1e342c67343f73
Score

10^/10

redline kreator discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinekreatordiscoveryinfostealerspywarestealer

behavioral2

redlinekreatordiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy