redline | 289511d98985e1530bccc1c6581bbda4510e52662b74359d5cda3c55f2c3ded9 | Triage

Submit
Reports

Overview

overview

Static

static

mixazed_20...06.exe

windows7_x64

mixazed_20...06.exe

windows10_x64

Sharing

General

Target

mixazed_20210611-034306
Size

529KB
Sample

210611-d2qv7s1knx
MD5

94c7a0eece4eb207ee2122b04909f284
SHA1

3f22a7b318e93d8fb61f733293eb3c6712644c39
SHA256

289511d98985e1530bccc1c6581bbda4510e52662b74359d5cda3c55f2c3ded9
SHA512

0a60d46498017c2517f94ba0fd87ee4d85e25796dea95ebf9d96edf191fb26a42b2ca45f83d6e90851e52451b9aad8ce8c509f0c5f1b810215e5267a7ce81ecf

Score

10^/10

redline dop_installsbot discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

mixazed_20210611-034306.exe

Resource

win7v20210410

redline dop_installsbot discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mixazed_20210611-034306.exe

Resource

win10v20210408

redline dop_installsbot infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

DOP_InstallsBot

C2

digyamonica.xyz:80

Targets

- Target
  
  mixazed_20210611-034306
- Size
  
  529KB
- MD5
  
  94c7a0eece4eb207ee2122b04909f284
- SHA1
  
  3f22a7b318e93d8fb61f733293eb3c6712644c39
- SHA256
  
  289511d98985e1530bccc1c6581bbda4510e52662b74359d5cda3c55f2c3ded9
- SHA512
  
  0a60d46498017c2517f94ba0fd87ee4d85e25796dea95ebf9d96edf191fb26a42b2ca45f83d6e90851e52451b9aad8ce8c509f0c5f1b810215e5267a7ce81ecf
Score

10^/10

redline dop_installsbot discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedop_installsbotdiscoveryinfostealerspywarestealer

behavioral2

redlinedop_installsbotinfostealer

© 2018-2024

Terms | Privacy