redline | 35db5b59f62e3dc3187c543b4e5cd623f5c3905f89ae046877c2fa5b69cf5e39 | Triage

Submit
Reports

Overview

overview

Static

static

cb97d7578c...cb.exe

windows7_x64

cb97d7578c...cb.exe

windows10_x64

Sharing

General

Target

cb97d7578c07fbadf1d6655faf4230cb.exe
Size

370KB
Sample

210723-dhwdvmcgaj
MD5

cb97d7578c07fbadf1d6655faf4230cb
SHA1

54b971448bcfb6a913e460ce4aec72bf131103a9
SHA256

35db5b59f62e3dc3187c543b4e5cd623f5c3905f89ae046877c2fa5b69cf5e39
SHA512

10cddef68909644c66d1d241a249e1db1b344ef57cabe9247b05b9168e1fe20092711f43bceba1244f8d8d54495fca1b15c8f0aa31067942aaa7a26ab6f2df2a

Score

10^/10

redline sel20 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cb97d7578c07fbadf1d6655faf4230cb.exe

Resource

win7v20210408

redline sel20 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cb97d7578c07fbadf1d6655faf4230cb.exe

Resource

win10v20210410

redline sel20 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

sel20

C2

dwarimlari.xyz:80

Targets

- Target
  
  cb97d7578c07fbadf1d6655faf4230cb.exe
- Size
  
  370KB
- MD5
  
  cb97d7578c07fbadf1d6655faf4230cb
- SHA1
  
  54b971448bcfb6a913e460ce4aec72bf131103a9
- SHA256
  
  35db5b59f62e3dc3187c543b4e5cd623f5c3905f89ae046877c2fa5b69cf5e39
- SHA512
  
  10cddef68909644c66d1d241a249e1db1b344ef57cabe9247b05b9168e1fe20092711f43bceba1244f8d8d54495fca1b15c8f0aa31067942aaa7a26ab6f2df2a
Score

10^/10

redline sel20 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesel20discoveryinfostealerspywarestealer

behavioral2

redlinesel20discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy