redline | 7c995b2cba9072f5c246f333e7ad9b4302f836babf9fe90bab766251c432983d | Triage

Submit
Reports

Overview

overview

Static

static

ff2de7af64...e9.exe

windows7_x64

ff2de7af64...e9.exe

windows10_x64

Sharing

General

Target

ff2de7af645bea1f0d0b2a1efad90ee9.exe
Size

1.2MB
Sample

210809-tfketxdada
MD5

ff2de7af645bea1f0d0b2a1efad90ee9
SHA1

a9db492ec5a4e676911909fb9db2709a7ef5598c
SHA256

7c995b2cba9072f5c246f333e7ad9b4302f836babf9fe90bab766251c432983d
SHA512

7504fb9cbecc27218beefcb72a3820328bca240e9c3a4ddee0577def884a97d204056504e635ba14624ada9ffe7486d6cc3b1b2dd06eef75e3434fa480ab6995

Score

10^/10

redline grekh discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ff2de7af645bea1f0d0b2a1efad90ee9.exe

Resource

win7v20210408

redline grekh discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ff2de7af645bea1f0d0b2a1efad90ee9.exe

Resource

win10v20210408

redline grekh discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

grekh

C2

5.8.248.83:61808

Targets

- Target
  
  ff2de7af645bea1f0d0b2a1efad90ee9.exe
- Size
  
  1.2MB
- MD5
  
  ff2de7af645bea1f0d0b2a1efad90ee9
- SHA1
  
  a9db492ec5a4e676911909fb9db2709a7ef5598c
- SHA256
  
  7c995b2cba9072f5c246f333e7ad9b4302f836babf9fe90bab766251c432983d
- SHA512
  
  7504fb9cbecc27218beefcb72a3820328bca240e9c3a4ddee0577def884a97d204056504e635ba14624ada9ffe7486d6cc3b1b2dd06eef75e3434fa480ab6995
Score

10^/10

redline grekh discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegrekhdiscoveryinfostealerspywarestealer

behavioral2

redlinegrekhdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy