redline | 57430cbbfebdef7c54698b00102dbd2098aef53ba4bd5fa43660c2e306f53482 | Triage

Submit
Reports

Overview

overview

Static

static

ad54fbfa5c...a7.exe

windows7_x64

ad54fbfa5c...a7.exe

windows10_x64

Sharing

General

Target

ad54fbfa5cd265112f67ea1b4d2e95a7.exe
Size

739KB
Sample

210727-58znhm85d2
MD5

ad54fbfa5cd265112f67ea1b4d2e95a7
SHA1

b92e996cffa1ad3b6e6a0c439f1bf21c72ccce51
SHA256

57430cbbfebdef7c54698b00102dbd2098aef53ba4bd5fa43660c2e306f53482
SHA512

d4a4fc1b25f2f51f5ce6d40dc7277ee51af5004630449595348406663892ed4f2849bd3417b3e484ff409263083833a8c2c00d6758549bd92a901956a48afaf6

Score

10^/10

redline @mrhaluyepp discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ad54fbfa5cd265112f67ea1b4d2e95a7.exe

Resource

win7v20210410

redline @mrhaluyepp discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ad54fbfa5cd265112f67ea1b4d2e95a7.exe

Resource

win10v20210408

redline @mrhaluyepp discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@MrHaluyepp

C2

185.80.234.77:17105

Targets

- Target
  
  ad54fbfa5cd265112f67ea1b4d2e95a7.exe
- Size
  
  739KB
- MD5
  
  ad54fbfa5cd265112f67ea1b4d2e95a7
- SHA1
  
  b92e996cffa1ad3b6e6a0c439f1bf21c72ccce51
- SHA256
  
  57430cbbfebdef7c54698b00102dbd2098aef53ba4bd5fa43660c2e306f53482
- SHA512
  
  d4a4fc1b25f2f51f5ce6d40dc7277ee51af5004630449595348406663892ed4f2849bd3417b3e484ff409263083833a8c2c00d6758549bd92a901956a48afaf6
Score

10^/10

redline @mrhaluyepp discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@mrhaluyeppdiscoveryinfostealerspywarestealer

behavioral2

redline@mrhaluyeppdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy