redline | 1e9bca11852588fff0ba71bd61a90c7c8d364f8b27dbd79d2fafbeae0059f3ff | Triage

Submit
Reports

Overview

overview

Static

static

428bd86504...bb.exe

windows7_x64

428bd86504...bb.exe

windows10_x64

Sharing

General

Target

428bd865041b49829bad68c10f9a7ebb.exe
Size

333KB
Sample

211025-yktnnsgfa6
MD5

428bd865041b49829bad68c10f9a7ebb
SHA1

fabec2a27fe639261cf8ef9a2382e655e31fae93
SHA256

1e9bca11852588fff0ba71bd61a90c7c8d364f8b27dbd79d2fafbeae0059f3ff
SHA512

d6836f4d8ef4d8d19d538accc591ed67d4418f7373c18f9c6c22b2dfdfd664579c420d644611d30571095e77e48cfadbf4ef2849cc75005f844cd7ce5586e738

Score

10^/10

redline build999 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

428bd865041b49829bad68c10f9a7ebb.exe

Resource

win7-en-20211014

redline build999 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

428bd865041b49829bad68c10f9a7ebb.exe

Resource

win10-en-20210920

redline build999 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

build999

C2

109.107.191.123:52781

Targets

- Target
  
  428bd865041b49829bad68c10f9a7ebb.exe
- Size
  
  333KB
- MD5
  
  428bd865041b49829bad68c10f9a7ebb
- SHA1
  
  fabec2a27fe639261cf8ef9a2382e655e31fae93
- SHA256
  
  1e9bca11852588fff0ba71bd61a90c7c8d364f8b27dbd79d2fafbeae0059f3ff
- SHA512
  
  d6836f4d8ef4d8d19d538accc591ed67d4418f7373c18f9c6c22b2dfdfd664579c420d644611d30571095e77e48cfadbf4ef2849cc75005f844cd7ce5586e738
Score

10^/10

redline build999 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinebuild999discoveryinfostealerspywarestealer

behavioral2

redlinebuild999discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy