redline | ab1b7bb6e9ab4d236af50fde41238818522f92ea990c2190af88b6514bf5559a | Triage

Submit
Reports

Overview

overview

Static

static

cf89ccd91a...9a.exe

windows7_x64

cf89ccd91a...9a.exe

windows10_x64

Sharing

General

Target

cf89ccd91a0582286a6d6fbb4721c99a.exe
Size

850KB
Sample

210609-pas721flx2
MD5

cf89ccd91a0582286a6d6fbb4721c99a
SHA1

8a1d9e9a449f81293e1c861c7fb495f265343d00
SHA256

ab1b7bb6e9ab4d236af50fde41238818522f92ea990c2190af88b6514bf5559a
SHA512

824f2c0c01d07268634449402a9ce0e9228304081823aa69da73e5e85b27cf04b62a2972ee137967fd6dd2a63ebc7aaaf7da6bb44ec1f9da346a9243da0aba1e

Score

10^/10

redline 3 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cf89ccd91a0582286a6d6fbb4721c99a.exe

Resource

win7v20210410

redline 3 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cf89ccd91a0582286a6d6fbb4721c99a.exe

Resource

win10v20210408

redline 3 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

3

C2

94.26.248.63:7447

Targets

- Target
  
  cf89ccd91a0582286a6d6fbb4721c99a.exe
- Size
  
  850KB
- MD5
  
  cf89ccd91a0582286a6d6fbb4721c99a
- SHA1
  
  8a1d9e9a449f81293e1c861c7fb495f265343d00
- SHA256
  
  ab1b7bb6e9ab4d236af50fde41238818522f92ea990c2190af88b6514bf5559a
- SHA512
  
  824f2c0c01d07268634449402a9ce0e9228304081823aa69da73e5e85b27cf04b62a2972ee137967fd6dd2a63ebc7aaaf7da6bb44ec1f9da346a9243da0aba1e
Score

10^/10

redline 3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline3discoveryinfostealerspywarestealer

behavioral2

redline3discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy