redline | 191a6c8951aa3bc73634891e7551a229e15fd90ff0deacef8a2f3a8594d53f6d | Triage

Submit
Reports

Overview

overview

Static

static

ea64fb745e...d0.exe

windows7_x64

ea64fb745e...d0.exe

windows10_x64

Sharing

General

Target

ea64fb745ef58010d1b9d7ac80f221d0
Size

178KB
Sample

210611-a34czscggs
MD5

ea64fb745ef58010d1b9d7ac80f221d0
SHA1

7be7c6a48ae96c8d7ef692d03c7405dea60f52a6
SHA256

191a6c8951aa3bc73634891e7551a229e15fd90ff0deacef8a2f3a8594d53f6d
SHA512

2a12518ee29836faecef01cc4660710e90ab81fb3e7080158011ea83f531bc2d0d8bc3ecf4ecb177cdee3ce0570f192628c6137ad98131706c76eb08956e8550

Score

10^/10

redline z0rm1on discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ea64fb745ef58010d1b9d7ac80f221d0.exe

Resource

win7v20210408

redline z0rm1on discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ea64fb745ef58010d1b9d7ac80f221d0.exe

Resource

win10v20210408

redline z0rm1on infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

z0rm1on

C2

185.241.61.33:16195

Targets

- Target
  
  ea64fb745ef58010d1b9d7ac80f221d0
- Size
  
  178KB
- MD5
  
  ea64fb745ef58010d1b9d7ac80f221d0
- SHA1
  
  7be7c6a48ae96c8d7ef692d03c7405dea60f52a6
- SHA256
  
  191a6c8951aa3bc73634891e7551a229e15fd90ff0deacef8a2f3a8594d53f6d
- SHA512
  
  2a12518ee29836faecef01cc4660710e90ab81fb3e7080158011ea83f531bc2d0d8bc3ecf4ecb177cdee3ce0570f192628c6137ad98131706c76eb08956e8550
Score

10^/10

redline z0rm1on discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinez0rm1ondiscoveryinfostealerspywarestealer

behavioral2

redlinez0rm1oninfostealer

© 2018-2024

Terms | Privacy