redline | 1a693036899a05dbbb83fb29c1487f2e43fd5bb7d8d01e3bea84166aa331f998 | Triage

Sharing

General

Target

Roaming.rar
Size

433KB
Sample

210812-jfljbz21xn
MD5

67478498a1cd57320c26a958f6edf529
SHA1

80de60e740f6f94a51c4e22174dada1ea384cf37
SHA256

1a693036899a05dbbb83fb29c1487f2e43fd5bb7d8d01e3bea84166aa331f998
SHA512

310ef1dcab3b1758f69fd9f290a998d127fa4863363293ed2bc9b52e10815c31e944f06d15ab10ffe821af86a2972a858a2a7f1f6c850afb854d098044e820d0

Score

10^/10

redline 7new discovery infostealer persistence spyware stealer suricata

Malware Config

Extracted

Family

redline

Botnet

7new

C2

sytareliar.xyz:80

yabelesatg.xyz:80

ceneimarck.xyz:80

Targets

- Target
  
  2468852.exe
- Size
  
  129KB
- MD5
  
  b6b7f896ec6c87db2a811a44abc0c5b5
- SHA1
  
  b17eac180c2139947d2f8fdc87ff8a2a615cbcbf
- SHA256
  
  02ca78fdf706e494a923c01179c6f2bcc2fd59e55d79039ac7a20a51453670c6
- SHA512
  
  27150b8bced3845b834be55e40cc31882a0d5290a0363fbc8e0f20244dc6e3f022c2cb5dc7e8a18b9b140994d85995e7e6ee4270ed37bfbc9535cb97ee313c63
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  4422625.exe
- Size
  
  174KB
- MD5
  
  7dfa7a1ec7a798b241d0a3521a0c593a
- SHA1
  
  23fa15493fd3f2e782488d341331aaf914eeba03
- SHA256
  
  a64f106b863dec9b842e6fd952995a7ad8dd3b272324a1265dfcb513cd986d17
- SHA512
  
  3817b7a711e354c5111e5354704b3a7fa07cce8801cc46f8c6ca9bf9d893cdfe1d03c7b9faefb135d193bc937a3403de84e2c8ee4a296ca0f397dca73b1acd7b
Score

10^/10

redline 7new discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  4701556.exe
- Size
  
  46KB
- MD5
  
  1d095bc417db73c6bc6e4c4e7b43106f
- SHA1
  
  db7e49df1fb5a0a665976f98ff7128aeba40c5f3
- SHA256
  
  b529e11f2a855b7e7bca65ac994be9dc81191c7fe1b720addb90b98da33e7fee
- SHA512
  
  3d255ee420aa7eb0f5f28e060d968bf4369f4be3fc8f07bd32c5482fea055e8103347440d41d17d847c5b2b2d3fb2e3a40356db1a33911c0b25828739a88a097
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral5 behavioral6
- Target
  
  8383001.exe
- Size
  
  181KB
- MD5
  
  36acd7e8f309426cb30aeda6c58234a6
- SHA1
  
  e111555e3324dcb03fda2b03fd4f765dec10ee75
- SHA256
  
  d17fbe43bc63006f1f11be7948fc385457eb4e830567f5f564cc3d3316ce6a3d
- SHA512
  
  62449c4e2d9c5faae15164e5751901d2e8e978aa52a7e156e7001b44bb61ed0cc14ee2230458a239ab7a85198826fe704246043ae800ee9c55951b7182b2ea6c
Score

10^/10

discovery spyware stealer suricata
- suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
  suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

behavioral3

redline7newdiscoveryinfostealerspywarestealer

behavioral4

redline7newdiscoveryinfostealerspywarestealer

behavioral5

behavioral6

behavioral7

discoveryspywarestealersuricata

behavioral8

discoveryspywarestealersuricata