redline | 4cb49a8991c4cb4b86302e68dc84ed87fb8890abb4627f8e8a589d4d4b15412c | Triage

Submit
Reports

Overview

overview

Static

static

a1a005a4d8...79.exe

windows7_x64

a1a005a4d8...79.exe

windows10_x64

Sharing

General

Target

a1a005a4d811a9d28e788f9f259bc779.exe
Size

114KB
Sample

210727-denmd71xg2
MD5

a1a005a4d811a9d28e788f9f259bc779
SHA1

2b3dd21fabda2d3be84bc60e26f53d995514ab0b
SHA256

4cb49a8991c4cb4b86302e68dc84ed87fb8890abb4627f8e8a589d4d4b15412c
SHA512

389d8515d766c7cf3d43bc5d8289890117db25fb632bfb0fb3d96e82596248c8d225157e3eb2528c8dbaf8d2a52386680480581bb9fef4aa177199e676ed2b7c

Score

10^/10

redline poir discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a1a005a4d811a9d28e788f9f259bc779.exe

Resource

win7v20210408

redline poir discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a1a005a4d811a9d28e788f9f259bc779.exe

Resource

win10v20210410

redline poir discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

poir

C2

194.33.45.147:46868

Targets

- Target
  
  a1a005a4d811a9d28e788f9f259bc779.exe
- Size
  
  114KB
- MD5
  
  a1a005a4d811a9d28e788f9f259bc779
- SHA1
  
  2b3dd21fabda2d3be84bc60e26f53d995514ab0b
- SHA256
  
  4cb49a8991c4cb4b86302e68dc84ed87fb8890abb4627f8e8a589d4d4b15412c
- SHA512
  
  389d8515d766c7cf3d43bc5d8289890117db25fb632bfb0fb3d96e82596248c8d225157e3eb2528c8dbaf8d2a52386680480581bb9fef4aa177199e676ed2b7c
Score

10^/10

redline poir discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinepoirdiscoveryinfostealerspywarestealer

behavioral2

redlinepoirdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy