redline | 4a0f52dab31cc96ebe813dfce03401b5813d10153ffd805ba61b06cb169eee6a | Triage

Submit
Reports

Overview

overview

Static

static

a4783e75fb...6a.exe

windows7_x64

a4783e75fb...6a.exe

windows10_x64

Sharing

General

Target

a4783e75fb1f0f168eb935b34957876a.exe
Size

822KB
Sample

211023-ntz7psccg4
MD5

a4783e75fb1f0f168eb935b34957876a
SHA1

98c127b90ec70fbd2467726cb6e6a406c5df92bd
SHA256

4a0f52dab31cc96ebe813dfce03401b5813d10153ffd805ba61b06cb169eee6a
SHA512

82c03dd2568484adc52d8cdbfc27f8329c925a2a5882eb64c19ee36ecd75d8c62f2e0d4ba1d3168b9e0856862e5d7df09c816083af011fecd1de1e690591220e

Score

10^/10

redline @noilase discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a4783e75fb1f0f168eb935b34957876a.exe

Resource

win7-en-20210920

redline @noilase discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a4783e75fb1f0f168eb935b34957876a.exe

Resource

win10-en-20211014

redline @noilase discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@noilase

C2

92.119.113.189:21746

Targets

- Target
  
  a4783e75fb1f0f168eb935b34957876a.exe
- Size
  
  822KB
- MD5
  
  a4783e75fb1f0f168eb935b34957876a
- SHA1
  
  98c127b90ec70fbd2467726cb6e6a406c5df92bd
- SHA256
  
  4a0f52dab31cc96ebe813dfce03401b5813d10153ffd805ba61b06cb169eee6a
- SHA512
  
  82c03dd2568484adc52d8cdbfc27f8329c925a2a5882eb64c19ee36ecd75d8c62f2e0d4ba1d3168b9e0856862e5d7df09c816083af011fecd1de1e690591220e
Score

10^/10

redline @noilase discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@noilasediscoveryinfostealerspywarestealer

behavioral2

redline@noilasediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy