redline | b33bc799128d0e630270f09393c5f4dae1867782fbde21db3d7f6d5f945625d2 | Triage

Submit
Reports

Overview

overview

Static

static

b33bc79912...e2.exe

windows7_x64

b33bc79912...e2.exe

windows10_x64

Sharing

General

Target

b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe
Size

262KB
Sample

210731-kly12vyaqs
MD5

b7db02446d1f0cc21a2259227b021313
SHA1

77099382728356ad71d80226c90754a75e29fb06
SHA256

b33bc799128d0e630270f09393c5f4dae1867782fbde21db3d7f6d5f945625d2
SHA512

10ab722f5369e22357530ab73e6416e4ed616ffd5c29ea3f520b5830bd316e5ec9689c588ba95288dc09a0cc4c840c6abeb2c84823839606dc029a9f6d0c94e0

Score

10^/10

redline youngboy discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe

Resource

win7v20210410

redline youngboy discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe

Resource

win10v20210408

redline youngboy infostealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

youngboy

C2

176.57.69.178:59510

Targets

- Target
  
  b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe
- Size
  
  262KB
- MD5
  
  b7db02446d1f0cc21a2259227b021313
- SHA1
  
  77099382728356ad71d80226c90754a75e29fb06
- SHA256
  
  b33bc799128d0e630270f09393c5f4dae1867782fbde21db3d7f6d5f945625d2
- SHA512
  
  10ab722f5369e22357530ab73e6416e4ed616ffd5c29ea3f520b5830bd316e5ec9689c588ba95288dc09a0cc4c840c6abeb2c84823839606dc029a9f6d0c94e0
Score

10^/10

redline youngboy discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineyoungboydiscoveryinfostealerspywarestealer

behavioral2

redlineyoungboyinfostealer

© 2018-2024

Terms | Privacy