redline | b0eb54f46e5919460cb8d21fdcd695e3356b6311ab0547f18dc3d84a66a14bc4 | Triage

Submit
Reports

Overview

overview

Static

static

b1dbc3b0_R...e6.exe

windows7_x64

b1dbc3b0_R...e6.exe

windows10_x64

Sharing

General

Target

b1dbc3b0_RE8KkS8Ee6
Size

163KB
Sample

210813-pn5pzz3jpn
MD5

b1dbc3b027105d8032541bc0c5e71abb
SHA1

1ef1950ecb44e6bd8d0a3849868ec9a0ceaa1130
SHA256

b0eb54f46e5919460cb8d21fdcd695e3356b6311ab0547f18dc3d84a66a14bc4
SHA512

3f7fd0aa71e6fae5eeaf16cc47a1ac43cdd1f643c1e7e439eb068685558929cf3c74552ad70fbf2d6cad94cc11bb8ea9c099ef1401b868947f1a9e5e44b34f7b

Score

10^/10

redline 7new discovery infostealer persistence spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

b1dbc3b0_RE8KkS8Ee6.exe

Resource

win7v20210408

redline 7new discovery infostealer persistence spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b1dbc3b0_RE8KkS8Ee6.exe

Resource

win10v20210410

redline 7new discovery infostealer persistence spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

7new

C2

sytareliar.xyz:80

yabelesatg.xyz:80

ceneimarck.xyz:80

Targets

- Target
  
  b1dbc3b0_RE8KkS8Ee6
- Size
  
  163KB
- MD5
  
  b1dbc3b027105d8032541bc0c5e71abb
- SHA1
  
  1ef1950ecb44e6bd8d0a3849868ec9a0ceaa1130
- SHA256
  
  b0eb54f46e5919460cb8d21fdcd695e3356b6311ab0547f18dc3d84a66a14bc4
- SHA512
  
  3f7fd0aa71e6fae5eeaf16cc47a1ac43cdd1f643c1e7e439eb068685558929cf3c74552ad70fbf2d6cad94cc11bb8ea9c099ef1401b868947f1a9e5e44b34f7b
Score

10^/10

redline 7new discovery infostealer persistence spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
  suricata: ET MALWARE Observed Elysium Stealer Variant CnC Domain (all-brain-company .xyz in TLS SNI)
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redline7newdiscoveryinfostealerpersistencespywarestealersuricata

behavioral2

redline7newdiscoveryinfostealerpersistencespywarestealersuricata

© 2018-2024

Terms | Privacy