redline | 1c11dfc196eca178e505a906b57afbb27a84a19b0fc64ca6977ad99230b459ef | Triage

Submit
Reports

Overview

overview

Static

static

mixazed_20...32.exe

windows7_x64

mixazed_20...32.exe

windows10_x64

Sharing

General

Target

mixazed_20210714-163432
Size

225KB
Sample

210714-7we9t1zeke
MD5

56a632be6c6d5904301e78f739cefd73
SHA1

acb64f79993625f0da05207f0ba7f26517786fdb
SHA256

1c11dfc196eca178e505a906b57afbb27a84a19b0fc64ca6977ad99230b459ef
SHA512

99db44d1cc4cd6d7661d5a54bb60469b6cd42921f52a5e7b56513a6f3423a5ef73297055a86005ed0d0d37b9bf9de3334b6dcc1a70b8466c0d309814e3244796

Score

10^/10

redline club78 agilenet discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

mixazed_20210714-163432.exe

Resource

win7v20210410

redline club78 agilenet discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mixazed_20210714-163432.exe

Resource

win10v20210408

redline club78 agilenet infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

club78

C2

91.219.62.16:33526

Targets

- Target
  
  mixazed_20210714-163432
- Size
  
  225KB
- MD5
  
  56a632be6c6d5904301e78f739cefd73
- SHA1
  
  acb64f79993625f0da05207f0ba7f26517786fdb
- SHA256
  
  1c11dfc196eca178e505a906b57afbb27a84a19b0fc64ca6977ad99230b459ef
- SHA512
  
  99db44d1cc4cd6d7661d5a54bb60469b6cd42921f52a5e7b56513a6f3423a5ef73297055a86005ed0d0d37b9bf9de3334b6dcc1a70b8466c0d309814e3244796
Score

10^/10

redline club78 agilenet discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineclub78agilenetdiscoveryinfostealerspywarestealer

behavioral2

redlineclub78agilenetinfostealer

© 2018-2024

Terms | Privacy