redline | 36ef5e0db18469267810503ba4fd099e59007c3f10f718bccffdc93e87a853a0 | Triage

Submit
Reports

Overview

overview

Static

static

Minecraft_v4.1.exe

windows7_x64

Minecraft_v4.1.exe

windows10_x64

Sharing

General

Target

Minecraft_v4.1.exe
Size

218KB
Sample

210718-4hwpp87586
MD5

760ae5e7793de36ae8159fc128687577
SHA1

0b1e5bd4e2cf0888d66350ecd4bcecf7f950acee
SHA256

36ef5e0db18469267810503ba4fd099e59007c3f10f718bccffdc93e87a853a0
SHA512

ca9d592d86feecafb557ae5422eff45020863b38fc5c36ed32c9381fd2f154a0125f77ed76cc1f1ea3aef04e4874ca36bc2da6d1f634f1ad6d4dfbc7a64f9f30

Score

10^/10

redline ytmaloy6 agilenet discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Minecraft_v4.1.exe

Resource

win7v20210410

redline ytmaloy6 agilenet discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Minecraft_v4.1.exe

Resource

win10v20210408

redline ytmaloy6 agilenet discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

ytmaloy6

C2

46.8.19.196:53773

Targets

- Target
  
  Minecraft_v4.1.exe
- Size
  
  218KB
- MD5
  
  760ae5e7793de36ae8159fc128687577
- SHA1
  
  0b1e5bd4e2cf0888d66350ecd4bcecf7f950acee
- SHA256
  
  36ef5e0db18469267810503ba4fd099e59007c3f10f718bccffdc93e87a853a0
- SHA512
  
  ca9d592d86feecafb557ae5422eff45020863b38fc5c36ed32c9381fd2f154a0125f77ed76cc1f1ea3aef04e4874ca36bc2da6d1f634f1ad6d4dfbc7a64f9f30
Score

10^/10

redline ytmaloy6 agilenet discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineytmaloy6agilenetdiscoveryinfostealerspywarestealer

behavioral2

redlineytmaloy6agilenetdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy