redline | 0344c20e70f91bc71b10fb60f5043bc07f238d1439b277fec325b3cc10c19668 | Triage

Submit
Reports

Overview

overview

Static

static

df4b40ac85...32.exe

windows7_x64

df4b40ac85...32.exe

windows10_x64

Sharing

General

Target

df4b40ac854ceef5992b98fa1f733532.exe
Size

264KB
Sample

210731-mhybp55ekj
MD5

df4b40ac854ceef5992b98fa1f733532
SHA1

783a0508e0596e711929da174926b32aaee16ad2
SHA256

0344c20e70f91bc71b10fb60f5043bc07f238d1439b277fec325b3cc10c19668
SHA512

f765832164f8453548f33abf7c58d11b7651955a779824099800aca41b0a7360258eb184b6a118b5b838f909b83e652d6efe53cc38cc53f0ea21c7ccd28bf7da

Score

10^/10

redline 3 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

df4b40ac854ceef5992b98fa1f733532.exe

Resource

win7v20210410

redline 3 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

df4b40ac854ceef5992b98fa1f733532.exe

Resource

win10v20210408

redline 3 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

3

C2

213.166.68.170:16810

Targets

- Target
  
  df4b40ac854ceef5992b98fa1f733532.exe
- Size
  
  264KB
- MD5
  
  df4b40ac854ceef5992b98fa1f733532
- SHA1
  
  783a0508e0596e711929da174926b32aaee16ad2
- SHA256
  
  0344c20e70f91bc71b10fb60f5043bc07f238d1439b277fec325b3cc10c19668
- SHA512
  
  f765832164f8453548f33abf7c58d11b7651955a779824099800aca41b0a7360258eb184b6a118b5b838f909b83e652d6efe53cc38cc53f0ea21c7ccd28bf7da
Score

10^/10

redline 3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline3discoveryinfostealerspywarestealer

behavioral2

redline3discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy