redline | 582c2dda5f1db3872450ce34212515fce0f2201b2d5961d08cdb80556db7c50e | Triage

Submit
Reports

Overview

overview

Static

static

4078aa71d5...4b.exe

windows7_x64

8

4078aa71d5...4b.exe

windows10_x64

Sharing

General

Target

4078aa71d541412492dca732e7a4724b
Size

57KB
Sample

211013-zl1daafcc9
MD5

4078aa71d541412492dca732e7a4724b
SHA1

c19adcb3808e32b2244eac8dbd5d3b614b09d378
SHA256

582c2dda5f1db3872450ce34212515fce0f2201b2d5961d08cdb80556db7c50e
SHA512

ad4891db2d00efb0341c3793e429fe4b69feb0d4db95f87a3f3793ce0e907a95e3cccf592652eaa299a2a000ae2da34c79850175fcc77a92d912454c23483e7b

Score

10^/10

redline 12102021 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

4078aa71d541412492dca732e7a4724b.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4078aa71d541412492dca732e7a4724b.exe

Resource

win10-en-20210920

redline 12102021 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

12102021

C2

185.191.32.196:46757

Targets

- Target
  
  4078aa71d541412492dca732e7a4724b
- Size
  
  57KB
- MD5
  
  4078aa71d541412492dca732e7a4724b
- SHA1
  
  c19adcb3808e32b2244eac8dbd5d3b614b09d378
- SHA256
  
  582c2dda5f1db3872450ce34212515fce0f2201b2d5961d08cdb80556db7c50e
- SHA512
  
  ad4891db2d00efb0341c3793e429fe4b69feb0d4db95f87a3f3793ce0e907a95e3cccf592652eaa299a2a000ae2da34c79850175fcc77a92d912454c23483e7b
Score

10^/10

redline 12102021 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

redline12102021discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy