redline | 55aecb45a0e3844c0621c28907e857ec0ab23372e57bfa5dd614ea0b298b2c71 | Triage

Submit
Reports

Overview

overview

Static

static

3242f74bc2...cf.exe

windows7_x64

3242f74bc2...cf.exe

windows10_x64

Sharing

General

Target

3242f74bc2e2936de899a749ecff59cf
Size

195KB
Sample

210724-ngdvwvwcy6
MD5

3242f74bc2e2936de899a749ecff59cf
SHA1

9176f251c6c4135190315ef9d4a2f25b7a801c56
SHA256

55aecb45a0e3844c0621c28907e857ec0ab23372e57bfa5dd614ea0b298b2c71
SHA512

fc7f74b3153a3c798a89fda1efe4809568cd35a7c00a3611275013c0a1ffbbead29e1e67e853875b56e73404c7dcc7c8f4e38296cc560e1086c91f4fcc989927

Score

10^/10

redline 723 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

3242f74bc2e2936de899a749ecff59cf.exe

Resource

win7v20210408

redline 723 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3242f74bc2e2936de899a749ecff59cf.exe

Resource

win10v20210410

redline 723 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

723

C2

qumaranero.xyz:80

Targets

- Target
  
  3242f74bc2e2936de899a749ecff59cf
- Size
  
  195KB
- MD5
  
  3242f74bc2e2936de899a749ecff59cf
- SHA1
  
  9176f251c6c4135190315ef9d4a2f25b7a801c56
- SHA256
  
  55aecb45a0e3844c0621c28907e857ec0ab23372e57bfa5dd614ea0b298b2c71
- SHA512
  
  fc7f74b3153a3c798a89fda1efe4809568cd35a7c00a3611275013c0a1ffbbead29e1e67e853875b56e73404c7dcc7c8f4e38296cc560e1086c91f4fcc989927
Score

10^/10

redline 723 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline723discoveryinfostealerspywarestealer

behavioral2

redline723discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy