redline | ae768cff8bbfa2be1adefa47c6ac977af1964bbdf6b90305617c6649a9e8739e | Triage

Submit
Reports

Overview

overview

Static

static

mixazed_20...52.exe

windows7_x64

mixazed_20...52.exe

windows10_x64

Sharing

General

Target

mixazed_20210720-022252
Size

1014KB
Sample

210720-rk193b5wwx
MD5

e5a254d286db13b3bf3c2fa73e0501db
SHA1

d06162a0d16229c48af77a731265bed0b1411b13
SHA256

ae768cff8bbfa2be1adefa47c6ac977af1964bbdf6b90305617c6649a9e8739e
SHA512

ec20e1c76c5b73f20dbbd8533573310c98c649428e9624f09b58dadc97de6dadd6305d7be5957213e34673b4f5e4b14de872bc824bed6047a658c1afda2d4108

Score

10^/10

redline test1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

mixazed_20210720-022252.exe

Resource

win7v20210410

redline test1 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mixazed_20210720-022252.exe

Resource

win10v20210408

redline test1 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.63:23098

Targets

- Target
  
  mixazed_20210720-022252
- Size
  
  1014KB
- MD5
  
  e5a254d286db13b3bf3c2fa73e0501db
- SHA1
  
  d06162a0d16229c48af77a731265bed0b1411b13
- SHA256
  
  ae768cff8bbfa2be1adefa47c6ac977af1964bbdf6b90305617c6649a9e8739e
- SHA512
  
  ec20e1c76c5b73f20dbbd8533573310c98c649428e9624f09b58dadc97de6dadd6305d7be5957213e34673b4f5e4b14de872bc824bed6047a658c1afda2d4108
Score

10^/10

redline test1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetest1discoveryinfostealerspywarestealer

behavioral2

redlinetest1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy