redline | f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8 | Triage

Submit
Reports

Overview

overview

Static

static

usfive_202...05.exe

windows7_x64

usfive_202...05.exe

windows10_x64

Resubmissions

21-02-2023 12:00

230221-n6fzlagf2s 10

21-10-2021 09:05

211021-k16raaaaf6 10

Sharing

General

Target

usfive_20211021-084805
Size

337KB
Sample

211021-k16raaaaf6
MD5

a371cb8030ecb71c1246359e86e45fe6
SHA1

8cc4982a22d833799906bd8c9616385142386407
SHA256

f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8
SHA512

8875fb83ce689f5f8dced5cbde2e40cdc9adfbf716f34770bdc747e0ef47d3766c91c1c9c30a1638381617e47bf8650d4909b24822e957102cffc5aa58338100

Score

10^/10

redline netlyvpn evadav discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

usfive_20211021-084805.exe

Resource

win7-en-20210920

redline netlyvpn evadav discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

usfive_20211021-084805.exe

Resource

win10-en-20211014

redline netlyvpn evadav discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

netlyvpn evadav

C2

94.103.9.181:25749

Targets

- Target
  
  usfive_20211021-084805
- Size
  
  337KB
- MD5
  
  a371cb8030ecb71c1246359e86e45fe6
- SHA1
  
  8cc4982a22d833799906bd8c9616385142386407
- SHA256
  
  f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8
- SHA512
  
  8875fb83ce689f5f8dced5cbde2e40cdc9adfbf716f34770bdc747e0ef47d3766c91c1c9c30a1638381617e47bf8650d4909b24822e957102cffc5aa58338100
Score

10^/10

redline netlyvpn evadav discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenetlyvpn evadavdiscoveryinfostealerspywarestealer

behavioral2

redlinenetlyvpn evadavdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy