Overview

overview

10

Static

static

Redline St...ck.exe

windows7_x64

8

Redline St...ck.exe

windows7_x64

8

Redline St...ck.exe

windows11_x64

10

Redline St...ck.exe

windows10_x64

10

Redline St...ck.exe

windows10_x64

10

Redline St...ck.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Redline Stealer 2021 Cracked.rar

  • Size

    15.4MB

  • Sample

    211020-bdgdfagdh9

  • MD5

    fcdf4d84d1ddfdd243cb9f7ca06486d1

  • SHA1

    4158c9e5338bc59d875bc59d0690ec60bcc39787

  • SHA256

    c2e07c268efe3d9967a8af7933a22188b928bae9a86bb0177a401ed0a7979657

  • SHA512

    f82e4024d36101c6178547ee57be95e0bb16dfbfa6d0b29299b01801ee5b2ab873a7de53fcc4a5914661193881d999babc5909d767b4ff9514076a39ac82a84d

Score
10/10
redlinecheatevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

127.0.0.1:1337

Targets

    • Target

      Redline Stealer 2021 Cracked/Redline_20_2_crack.exe

    • Size

      15.1MB

    • MD5

      083776e54ad37b3a45d7e6516b1e13fb

    • SHA1

      e784e8f041dfb7612e8439518ed587f1f878b9eb

    • SHA256

      4334163e03a3cae86600be22c3deb8e786142db27883cc99f0536f713621df9d

    • SHA512

      0985538bf8c2add2e85ac09e64826e0993fae2b1b4e7643a42f010201e4e8f2065f673a795aa4eabf7bee26709f35fbc84553042f40ce3a2fde96a271c43590c

    Score
    10/10
    persistenceevasiontrojanredlinecheatinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Registers COM server for autorun

      persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Drops startup file

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3behavioral4behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks