redline | aa6843ca9b0bbaf0e41672bf6d3fe076502d3e2ff7683b198428e82e216d42dc | Triage

Submit
Reports

Overview

overview

Static

static

036f4601b8...97.exe

windows7_x64

036f4601b8...97.exe

windows10_x64

Sharing

General

Target

036f4601b88c52668d279cf3fcce2a97.exe
Size

68KB
Sample

211104-lrmsgsdchr
MD5

036f4601b88c52668d279cf3fcce2a97
SHA1

9d67601c7e37e1d7e7c36820ad360169c16628df
SHA256

aa6843ca9b0bbaf0e41672bf6d3fe076502d3e2ff7683b198428e82e216d42dc
SHA512

08b40274ad8d24a7f7775da9d7755d13aa0a110250008ceb02bae54fa8074d40d6ccfbfe28e2cf2c25d5904d931135a6bfe467ca6b5439422b1d2225c5756d70

Score

10^/10

redline khrip discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

036f4601b88c52668d279cf3fcce2a97.exe

Resource

win7-en-20210920

redline khrip discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

036f4601b88c52668d279cf3fcce2a97.exe

Resource

win10-en-20210920

redline discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

khrip

C2

91.211.251.200:52562

Targets

- Target
  
  036f4601b88c52668d279cf3fcce2a97.exe
- Size
  
  68KB
- MD5
  
  036f4601b88c52668d279cf3fcce2a97
- SHA1
  
  9d67601c7e37e1d7e7c36820ad360169c16628df
- SHA256
  
  aa6843ca9b0bbaf0e41672bf6d3fe076502d3e2ff7683b198428e82e216d42dc
- SHA512
  
  08b40274ad8d24a7f7775da9d7755d13aa0a110250008ceb02bae54fa8074d40d6ccfbfe28e2cf2c25d5904d931135a6bfe467ca6b5439422b1d2225c5756d70
Score

10^/10

redline khrip discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redlinekhripdiscoveryinfostealerspywarestealer

behavioral2

redlinediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy