redline | fecf30cf57db17985193ff17ffca3697562215ac1b66d0c7cab2fa7c36c8cf5d | Triage

Submit
Reports

Overview

overview

Static

static

Minecraft_v3.3.exe

windows7_x64

Minecraft_v3.3.exe

windows10_x64

Sharing

General

Target

Minecraft_v3.3.exe
Size

251KB
Sample

210716-7ykw4a1y9j
MD5

cde0ac14f841c60b1b63364d8a1245ce
SHA1

9ea83898509981b1884c068e249f5cdac6018e9f
SHA256

fecf30cf57db17985193ff17ffca3697562215ac1b66d0c7cab2fa7c36c8cf5d
SHA512

e2a7a717bfaf366c772bbff1c032ccda98d92cea059dc0490a1fd85099124455ba4274986da4563f0f9e8678adfa48291f2312de1e05e7b3528d8c2408750897

Score

10^/10

redline ytmaloy5 agilenet discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Minecraft_v3.3.exe

Resource

win7v20210410

redline ytmaloy5 agilenet discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Minecraft_v3.3.exe

Resource

win10v20210410

redline ytmaloy5 agilenet discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ytmaloy5

C2

46.8.19.196:53773

Targets

- Target
  
  Minecraft_v3.3.exe
- Size
  
  251KB
- MD5
  
  cde0ac14f841c60b1b63364d8a1245ce
- SHA1
  
  9ea83898509981b1884c068e249f5cdac6018e9f
- SHA256
  
  fecf30cf57db17985193ff17ffca3697562215ac1b66d0c7cab2fa7c36c8cf5d
- SHA512
  
  e2a7a717bfaf366c772bbff1c032ccda98d92cea059dc0490a1fd85099124455ba4274986da4563f0f9e8678adfa48291f2312de1e05e7b3528d8c2408750897
Score

10^/10

redline ytmaloy5 agilenet discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineytmaloy5agilenetdiscoveryinfostealerspywarestealer

behavioral2

redlineytmaloy5agilenetdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy