redline | d35d5b5ff516cdea2f6c27d47a7cf9d922bf14d4c3cef826c80f62aaad07afeb | Triage

Submit
Reports

Overview

overview

Static

static

Minecraft_v3.2.exe

windows7_x64

Minecraft_v3.2.exe

windows10_x64

Sharing

General

Target

Minecraft_v3.2.exe
Size

204KB
Sample

210715-lhgad4f4jn
MD5

242a4e885799f3ee236c3c69ee1756d3
SHA1

1a0210297cb259e5b0a0750bf7eb3407a386836b
SHA256

d35d5b5ff516cdea2f6c27d47a7cf9d922bf14d4c3cef826c80f62aaad07afeb
SHA512

25430d894ea4791edd1edabf757e4bb5a6c3626f552a58ea40c6c9df48ad9b3892dcc9013e54b13432f9579eb96817268b8e82f59cfadca53a709600b03c5279

Score

10^/10

redline ytmaloy4 agilenet discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Minecraft_v3.2.exe

Resource

win7v20210410

redline ytmaloy4 agilenet discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Minecraft_v3.2.exe

Resource

win10v20210410

redline ytmaloy4 agilenet discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ytmaloy4

C2

46.8.19.196:53773

Targets

- Target
  
  Minecraft_v3.2.exe
- Size
  
  204KB
- MD5
  
  242a4e885799f3ee236c3c69ee1756d3
- SHA1
  
  1a0210297cb259e5b0a0750bf7eb3407a386836b
- SHA256
  
  d35d5b5ff516cdea2f6c27d47a7cf9d922bf14d4c3cef826c80f62aaad07afeb
- SHA512
  
  25430d894ea4791edd1edabf757e4bb5a6c3626f552a58ea40c6c9df48ad9b3892dcc9013e54b13432f9579eb96817268b8e82f59cfadca53a709600b03c5279
Score

10^/10

redline ytmaloy4 agilenet discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineytmaloy4agilenetdiscoveryinfostealerspywarestealer

behavioral2

redlineytmaloy4agilenetdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy