redline | e726f2014db779e3605f60499f84676ceb45160c6d092bedfa115f7e09d693e8 | Triage

Submit
Reports

Overview

overview

Static

static

888ab99280...bd.exe

windows7_x64

888ab99280...bd.exe

windows10_x64

Sharing

General

Target

888ab99280a081717ec5c5749266d1bd
Size

584KB
Sample

210722-6asys3d5n2
MD5

888ab99280a081717ec5c5749266d1bd
SHA1

3a071aeadd42c1232ff2878d2adf7f1e4a629180
SHA256

e726f2014db779e3605f60499f84676ceb45160c6d092bedfa115f7e09d693e8
SHA512

85b78c1489ed6a8fd375380595f3597968d026de0bd0cfe58e26cd4d6590f1d171626c0a8f677cc71d7405e5e647ede4692e615fd63a63597db724da15dc2299

Score

10^/10

redline world discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

888ab99280a081717ec5c5749266d1bd.exe

Resource

win7v20210410

redline world discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

888ab99280a081717ec5c5749266d1bd.exe

Resource

win10v20210408

redline world discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

world

C2

yspasenana.xyz:80

Targets

- Target
  
  888ab99280a081717ec5c5749266d1bd
- Size
  
  584KB
- MD5
  
  888ab99280a081717ec5c5749266d1bd
- SHA1
  
  3a071aeadd42c1232ff2878d2adf7f1e4a629180
- SHA256
  
  e726f2014db779e3605f60499f84676ceb45160c6d092bedfa115f7e09d693e8
- SHA512
  
  85b78c1489ed6a8fd375380595f3597968d026de0bd0cfe58e26cd4d6590f1d171626c0a8f677cc71d7405e5e647ede4692e615fd63a63597db724da15dc2299
Score

10^/10

redline world discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlineworlddiscoveryinfostealerspywarestealer

behavioral2

redlineworlddiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy