redline | 6ccde99f9a922f30985bf697ef122d1bb102993590064544c6d0cda4f53cbdcc | Triage

Submit
Reports

Overview

overview

Static

static

usfive_202...24.exe

windows7_x64

usfive_202...24.exe

windows10_x64

Sharing

General

Target

usfive_20211021-124624
Size

333KB
Sample

211021-rl6ajabceq
MD5

d925816145cc18afdd4675c4846bc9a7
SHA1

9eb8dff855f515f3253eb2987679c462c9cab3e7
SHA256

6ccde99f9a922f30985bf697ef122d1bb102993590064544c6d0cda4f53cbdcc
SHA512

5caec99f2a47c64193707f5f3ccb74408eea98fd395d1fba4881f7ca39149ec3aa233ef4d85396e6e3be037bc293a138ea4e1d97528c72466e8d8c5a663f5326

Score

10^/10

redline oct21 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

usfive_20211021-124624.exe

Resource

win7-en-20211014

redline oct21 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

usfive_20211021-124624.exe

Resource

win10-en-20210920

redline oct21 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

oct21

C2

94.103.9.181:25690

Targets

- Target
  
  usfive_20211021-124624
- Size
  
  333KB
- MD5
  
  d925816145cc18afdd4675c4846bc9a7
- SHA1
  
  9eb8dff855f515f3253eb2987679c462c9cab3e7
- SHA256
  
  6ccde99f9a922f30985bf697ef122d1bb102993590064544c6d0cda4f53cbdcc
- SHA512
  
  5caec99f2a47c64193707f5f3ccb74408eea98fd395d1fba4881f7ca39149ec3aa233ef4d85396e6e3be037bc293a138ea4e1d97528c72466e8d8c5a663f5326
Score

10^/10

redline oct21 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineoct21discoveryinfostealerspywarestealer

behavioral2

redlineoct21discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy