redline | 36022c868a49fc44968f6647239106f536b2cae40340ad69e3772f7be482daf7 | Triage

Submit
Reports

Overview

overview

Static

static

a61f6f9400...0d.exe

windows7_x64

a61f6f9400...0d.exe

windows10_x64

Sharing

General

Target

a61f6f94009c04607f1ba923adcaba0d.exe
Size

796KB
Sample

210722-585yx5xsz2
MD5

a61f6f94009c04607f1ba923adcaba0d
SHA1

71b964ba1d7a6ddcebb9fadf29efba3f440c00af
SHA256

36022c868a49fc44968f6647239106f536b2cae40340ad69e3772f7be482daf7
SHA512

0d108e686fa33405b2deb127de0cb4ab60d9960d1af43ea4886496f8249c131da8a5a378b6f61b3d8e09179a295e2a7365b01d2db22d0fd916ce3190904a97dd

Score

10^/10

redline @bestieffcs discovery evasion infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a61f6f94009c04607f1ba923adcaba0d.exe

Resource

win7v20210410

redline @bestieffcs discovery evasion infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a61f6f94009c04607f1ba923adcaba0d.exe

Resource

win10v20210410

redline @bestieffcs discovery evasion infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@bestiefFcs

C2

37.46.128.72:29799

Targets

- Target
  
  a61f6f94009c04607f1ba923adcaba0d.exe
- Size
  
  796KB
- MD5
  
  a61f6f94009c04607f1ba923adcaba0d
- SHA1
  
  71b964ba1d7a6ddcebb9fadf29efba3f440c00af
- SHA256
  
  36022c868a49fc44968f6647239106f536b2cae40340ad69e3772f7be482daf7
- SHA512
  
  0d108e686fa33405b2deb127de0cb4ab60d9960d1af43ea4886496f8249c131da8a5a378b6f61b3d8e09179a295e2a7365b01d2db22d0fd916ce3190904a97dd
Score

10^/10

redline @bestieffcs discovery evasion infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Looks for VMWare Tools registry key
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@bestieffcsdiscoveryevasioninfostealerspywarestealer

behavioral2

redline@bestieffcsdiscoveryevasioninfostealerspywarestealer

© 2018-2024

Terms | Privacy