redline | 0afeecacdddfdd9a9609abba82f70ccfd06d668536b09220c34e807e5f3b8557 | Triage

Submit
Reports

Overview

overview

Static

static

Zz7RR7rXlZ...R2.exe

windows7_x64

Zz7RR7rXlZ...R2.exe

windows10_x64

Sharing

General

Target

Zz7RR7rXlZGNlYe2MPaS__R2.exe
Size

364KB
Sample

210720-spk9c6xc6x
MD5

feae24e878230fff4bad62996c1d0325
SHA1

1191311e26f9909341da8982934863dfa3089992
SHA256

0afeecacdddfdd9a9609abba82f70ccfd06d668536b09220c34e807e5f3b8557
SHA512

0ae2dd7e3c95dbfe425eeb22e7ba4b0688f06df026513bac786fe9f60868594a316333f646128188e8b911c6682e7603670ee20673a9f8f320a2626ba7fe7575

Score

10^/10

redline sel17 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Zz7RR7rXlZGNlYe2MPaS__R2.exe

Resource

win7v20210410

redline sel17 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Zz7RR7rXlZGNlYe2MPaS__R2.exe

Resource

win10v20210408

redline sel17 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

sel17

C2

dwarimlari.xyz:80

Targets

- Target
  
  Zz7RR7rXlZGNlYe2MPaS__R2.exe
- Size
  
  364KB
- MD5
  
  feae24e878230fff4bad62996c1d0325
- SHA1
  
  1191311e26f9909341da8982934863dfa3089992
- SHA256
  
  0afeecacdddfdd9a9609abba82f70ccfd06d668536b09220c34e807e5f3b8557
- SHA512
  
  0ae2dd7e3c95dbfe425eeb22e7ba4b0688f06df026513bac786fe9f60868594a316333f646128188e8b911c6682e7603670ee20673a9f8f320a2626ba7fe7575
Score

10^/10

redline sel17 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- redlinestealer
  RedlineStealer.
  stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesel17discoveryinfostealerspywarestealer

behavioral2

redlinesel17discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy