redline | 7a875017c121897c46818f9388f3c8cad4ac574a3b217c1a056f74b333f138c6 | Triage

Submit
Reports

Overview

overview

Static

static

704DF199EB...8C.exe

windows7_x64

704DF199EB...8C.exe

windows10_x64

Sharing

General

Target

704DF199EB1B0154A645C60364A8A28C.exe
Size

943KB
Sample

210726-seqzjxs24e
MD5

704df199eb1b0154a645c60364a8a28c
SHA1

5810a3118f77af1e9b2ea0c0a658244a1b6d2de6
SHA256

7a875017c121897c46818f9388f3c8cad4ac574a3b217c1a056f74b333f138c6
SHA512

70b3eccce060dc43bac69f4aaacf646d64d96314edd4bb2e45543d41bd5fa0546e314420f1ec6fee33fb7ecf48284b415a4de864c681aaec817fcd3db535c53e

Score

10^/10

redline game#2 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

704DF199EB1B0154A645C60364A8A28C.exe

Resource

win7v20210410

redline game#2 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

704DF199EB1B0154A645C60364A8A28C.exe

Resource

win10v20210408

redline game#2 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Game#2

C2

185.170.213.254:56663

Targets

- Target
  
  704DF199EB1B0154A645C60364A8A28C.exe
- Size
  
  943KB
- MD5
  
  704df199eb1b0154a645c60364a8a28c
- SHA1
  
  5810a3118f77af1e9b2ea0c0a658244a1b6d2de6
- SHA256
  
  7a875017c121897c46818f9388f3c8cad4ac574a3b217c1a056f74b333f138c6
- SHA512
  
  70b3eccce060dc43bac69f4aaacf646d64d96314edd4bb2e45543d41bd5fa0546e314420f1ec6fee33fb7ecf48284b415a4de864c681aaec817fcd3db535c53e
Score

10^/10

redline game#2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegame#2discoveryinfostealerspywarestealer

behavioral2

redlinegame#2discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy