redline | f9c2f3c090ddc6fcf53b1a8704164658c4e8bfee2215e5a3af8642da9e2b7b78 | Triage

Submit
Reports

Overview

overview

Static

static

e02a33e227...7e.exe

windows7_x64

e02a33e227...7e.exe

windows10_x64

Sharing

General

Target

e02a33e22776a56ea53ccd8f9d1afa7e
Size

358KB
Sample

210707-fds75mm292
MD5

e02a33e22776a56ea53ccd8f9d1afa7e
SHA1

5b09b60da63a4170e1a8385faa5de64739e66386
SHA256

f9c2f3c090ddc6fcf53b1a8704164658c4e8bfee2215e5a3af8642da9e2b7b78
SHA512

4ca5dc7ee4205fb11bc1f8fa2f640fde2aa5a2aa6d7ac0ddb1cb600b12b5ccf3cc4d55cbaf26064556edc5bdaf5fa17bce0d55559f36f02a0ae99831b2998328

Score

10^/10

redline proliv_8k discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e02a33e22776a56ea53ccd8f9d1afa7e.exe

Resource

win7v20210410

redline proliv_8k discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e02a33e22776a56ea53ccd8f9d1afa7e.exe

Resource

win10v20210408

redline proliv_8k discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

PROLIV_8K

C2

45.144.29.224:23426

Targets

- Target
  
  e02a33e22776a56ea53ccd8f9d1afa7e
- Size
  
  358KB
- MD5
  
  e02a33e22776a56ea53ccd8f9d1afa7e
- SHA1
  
  5b09b60da63a4170e1a8385faa5de64739e66386
- SHA256
  
  f9c2f3c090ddc6fcf53b1a8704164658c4e8bfee2215e5a3af8642da9e2b7b78
- SHA512
  
  4ca5dc7ee4205fb11bc1f8fa2f640fde2aa5a2aa6d7ac0ddb1cb600b12b5ccf3cc4d55cbaf26064556edc5bdaf5fa17bce0d55559f36f02a0ae99831b2998328
Score

10^/10

redline proliv_8k discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineproliv_8kdiscoveryinfostealerspywarestealer

behavioral2

redlineproliv_8kdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy