redline | e3c1577eac697afa0ab7f2d0eb8128fd75c69fc87c40f3f0f058532aa85a3d3b | Triage

Submit
Reports

Overview

overview

Static

static

Run.exe

windows7_x64

Run.exe

windows10_x64

Sharing

General

Target

Run.exe
Size

162KB
Sample

210717-rlby16h9sj
MD5

fda22da8bf91b9df75088e136961abd5
SHA1

30497f7bfb005e7658f391aa9c6e90978ba5d4e6
SHA256

e3c1577eac697afa0ab7f2d0eb8128fd75c69fc87c40f3f0f058532aa85a3d3b
SHA512

77bb2cd443fcf0f12f521eec6f325fcb24bed4af482e13ae33e4ae8c01f8055fbc8b1f7a3a177f3af0d8a73d34794ee4aaaad8a6e33b84d0cf86ddfbc4be5677

Score

10^/10

redline pushka agilenet discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Run.exe

Resource

win7v20210408

redline pushka agilenet discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Run.exe

Resource

win10v20210410

redline pushka agilenet discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

pushka

C2

95.217.123.66:1835

Targets

- Target
  
  Run.exe
- Size
  
  162KB
- MD5
  
  fda22da8bf91b9df75088e136961abd5
- SHA1
  
  30497f7bfb005e7658f391aa9c6e90978ba5d4e6
- SHA256
  
  e3c1577eac697afa0ab7f2d0eb8128fd75c69fc87c40f3f0f058532aa85a3d3b
- SHA512
  
  77bb2cd443fcf0f12f521eec6f325fcb24bed4af482e13ae33e4ae8c01f8055fbc8b1f7a3a177f3af0d8a73d34794ee4aaaad8a6e33b84d0cf86ddfbc4be5677
Score

10^/10

redline pushka agilenet discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepushkaagilenetdiscoveryinfostealerspywarestealer

behavioral2

redlinepushkaagilenetdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy