redline | 3401188a34dbf71336f46e8ec5019db4f12b1d137201166982d00d3c2c3f3d6c | Triage

Submit
Reports

Overview

overview

Static

static

1e936a3027...d0.exe

windows7_x64

1e936a3027...d0.exe

windows10_x64

Sharing

General

Target

1e936a3027bad9d485df3d0356a8c8a22838851a66dfa7708e57855cfe54ded0.zip
Size

10.2MB
Sample

210727-cvefwpkgnj
MD5

8bdde3c996a88c9a91d3827c7953cce7
SHA1

ac38cbe51f3db755e7581d3578f79988b873a8e7
SHA256

3401188a34dbf71336f46e8ec5019db4f12b1d137201166982d00d3c2c3f3d6c
SHA512

e81cb480cf95801447f89907355c94cee82435a8f4c25438b0ea2a90a3a591b4c440271c744d2d7ed68568d5f3eebdf64a6183f522b7290d94433b054a5d2aab

Score

10^/10

redline adsgoogle2 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

1e936a3027bad9d485df3d0356a8c8a22838851a66dfa7708e57855cfe54ded0.exe

Resource

win7v20210410

redline adsgoogle2 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1e936a3027bad9d485df3d0356a8c8a22838851a66dfa7708e57855cfe54ded0.exe

Resource

win10v20210408

redline adsgoogle2 infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

adsgoogle2

C2

45.93.4.12:80

Targets

- Target
  
  1e936a3027bad9d485df3d0356a8c8a22838851a66dfa7708e57855cfe54ded0
- Size
  
  10.5MB
- MD5
  
  b5517915ec684b56531b34245b320b72
- SHA1
  
  26317275130e0be9e630be426e0854dc7d711308
- SHA256
  
  1e936a3027bad9d485df3d0356a8c8a22838851a66dfa7708e57855cfe54ded0
- SHA512
  
  44a404a7d42f1916746c175ca9f6dbd979a6e1598b3571011def74db66d0119bbeabe31809c0a262fd65621be22a88a17c95afda13de74f5efbdb34ca294198b
Score

10^/10

redline adsgoogle2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineadsgoogle2discoveryinfostealerspywarestealer

behavioral2

redlineadsgoogle2infostealer

© 2018-2024

Terms | Privacy