redline | 5ab0fc173ce9184d57a9d79a2295c9fa2c2a82af9f947c7db75c1152d0ddeb5d | Triage

Submit
Reports

Overview

overview

Static

static

Minecraft ....3.exe

windows7_x64

Minecraft ....3.exe

windows10_x64

Sharing

General

Target

Minecraft v3.3.zip
Size

148KB
Sample

210716-zhq23h8yk6
MD5

2ba54e795af3cbc302a1ba3c79471c6d
SHA1

ddb86dbb1e3745b19e3a14a3410645f95b93ae53
SHA256

5ab0fc173ce9184d57a9d79a2295c9fa2c2a82af9f947c7db75c1152d0ddeb5d
SHA512

cbf4347fdc0d179ac9700b9c393f22716b24354602f2d66db9b7d9bd75a7b78ccd0ae0fe7f6784eed12435b559a08665261ee734eba0074a3e44f4eb5ed4809c

Score

10^/10

redline ytmaloy5 agilenet discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Minecraft v3.3/Minecraft_v3.3.exe

Resource

win7v20210408

redline ytmaloy5 agilenet discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Minecraft v3.3/Minecraft_v3.3.exe

Resource

win10v20210410

redline ytmaloy5 agilenet discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ytmaloy5

C2

46.8.19.196:53773

Targets

- Target
  
  Minecraft v3.3/Minecraft_v3.3.exe
- Size
  
  251KB
- MD5
  
  cde0ac14f841c60b1b63364d8a1245ce
- SHA1
  
  9ea83898509981b1884c068e249f5cdac6018e9f
- SHA256
  
  fecf30cf57db17985193ff17ffca3697562215ac1b66d0c7cab2fa7c36c8cf5d
- SHA512
  
  e2a7a717bfaf366c772bbff1c032ccda98d92cea059dc0490a1fd85099124455ba4274986da4563f0f9e8678adfa48291f2312de1e05e7b3528d8c2408750897
Score

10^/10

redline ytmaloy5 agilenet discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineytmaloy5agilenetdiscoveryinfostealerspywarestealer

behavioral2

redlineytmaloy5agilenetdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy