redline | 52c8a05a5f144e11b59697000362b9aba1b723a592bcf1093d8c2a896cb8880b | Triage

Submit
Reports

Overview

overview

Static

static

9351b3d3a5...6f.exe

windows7_x64

9351b3d3a5...6f.exe

windows10_x64

Sharing

General

Target

RedLine.zip
Size

226KB
Sample

210929-ptyjjsehg4
MD5

6385d4d0572f97e80d32bd789758f5c2
SHA1

2de20507a0b8ca7b780732ef70be93a2a6b339e0
SHA256

52c8a05a5f144e11b59697000362b9aba1b723a592bcf1093d8c2a896cb8880b
SHA512

5d9a49fd706c4891c283e2920b8041573f54619debd0c7bf01d7f0b466b7a06de6de2cf3b005bb9ddc244c4e2be5fce103e130af9a7280f1e287b4ee19ac7761

Score

10^/10

redline aboba discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

9351b3d3a5b780220b67f06c7cb9b8d49a95055f6aa0934b733b0208458cfa6f.exe

Resource

win7v20210408

redline aboba discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9351b3d3a5b780220b67f06c7cb9b8d49a95055f6aa0934b733b0208458cfa6f.exe

Resource

win10-en-20210920

redline aboba discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

aboba

C2

65.108.1.219:28593

Targets

- Target
  
  9351b3d3a5b780220b67f06c7cb9b8d49a95055f6aa0934b733b0208458cfa6f.exe
- Size
  
  283KB
- MD5
  
  a517c307af008fca4fcd6caff59aa809
- SHA1
  
  69e9cd85861a4d57652d52721536eb65f6cbf215
- SHA256
  
  9351b3d3a5b780220b67f06c7cb9b8d49a95055f6aa0934b733b0208458cfa6f
- SHA512
  
  a06029260d50131a6ccaf6010fadaac9e81217d88896cb4be93de7d32c7cb39db5bec89d762883f8d7bf326a2881a5857488f34b3a9703b314025df0a293d791
Score

10^/10

redline aboba discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineabobadiscoveryinfostealerspywarestealer

behavioral2

redlineabobadiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy