redline | d319ddd3d52abce88199f3b7d1385bb3258290139b8b05a1ef2b672af8da2fba | Triage

Submit
Reports

Overview

overview

Static

static

c844c77a40...1d.exe

windows7_x64

c844c77a40...1d.exe

windows10_x64

Sharing

General

Target

c844c77a4052cd87225ef065c71abb1d
Size

269KB
Sample

210828-r5hqb3lw62
MD5

c844c77a4052cd87225ef065c71abb1d
SHA1

a2fa85d3b42005660c622aa1e59708d38a8b57b0
SHA256

d319ddd3d52abce88199f3b7d1385bb3258290139b8b05a1ef2b672af8da2fba
SHA512

0e923e260e29672e9d33e924cfb775fb4eca26ebc66bee09d0b7f28983f06aa47e9f0d6c331517a6ab09d8ddf583fa0aafeb89d150d982bd20ad41a1338d3cbb

Score

10^/10

redline hello discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c844c77a4052cd87225ef065c71abb1d.exe

Resource

win7v20210408

redline hello discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c844c77a4052cd87225ef065c71abb1d.exe

Resource

win10v20210408

redline hello discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

hello

C2

80.66.87.33:36976

Targets

- Target
  
  c844c77a4052cd87225ef065c71abb1d
- Size
  
  269KB
- MD5
  
  c844c77a4052cd87225ef065c71abb1d
- SHA1
  
  a2fa85d3b42005660c622aa1e59708d38a8b57b0
- SHA256
  
  d319ddd3d52abce88199f3b7d1385bb3258290139b8b05a1ef2b672af8da2fba
- SHA512
  
  0e923e260e29672e9d33e924cfb775fb4eca26ebc66bee09d0b7f28983f06aa47e9f0d6c331517a6ab09d8ddf583fa0aafeb89d150d982bd20ad41a1338d3cbb
Score

10^/10

redline hello discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinehellodiscoveryinfostealerspywarestealer

behavioral2

redlinehellodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy