redline | 6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a493d15fb374ee35f0e9 | Triage

Submit
Reports

Overview

overview

Static

static

6c251106b9...4a.exe

windows7_x64

6c251106b9...4a.exe

windows10_x64

Sharing

General

Target

6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a.exe
Size

552KB
Sample

211128-fretzsgadl
MD5

c986e3f232dd71ac91e33cbbddf25c0a
SHA1

c0d65b2188e25c1e62de1d8bd5c4dc67f49ef248
SHA256

6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a493d15fb374ee35f0e9
SHA512

e36e7e15e6e8c266e168e9570f8d08082ca8dd2d85cb6edbf5eb61ca63dacfe1db92eed9724346d3c39effa51d14dc65a23c767a4a184447032a19241482dd21

Score

10^/10

redline 456390 robot discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a.exe

Resource

win7-en-20211104

redline 456390 robot discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a.exe

Resource

win10-en-20211014

redline 456390 robot discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Robot

C2

178.238.8.47:36439

Extracted

Family

redline

Botnet

456390

C2

45.77.80.187:15300

Targets

- Target
  
  6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a.exe
- Size
  
  552KB
- MD5
  
  c986e3f232dd71ac91e33cbbddf25c0a
- SHA1
  
  c0d65b2188e25c1e62de1d8bd5c4dc67f49ef248
- SHA256
  
  6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a493d15fb374ee35f0e9
- SHA512
  
  e36e7e15e6e8c266e168e9570f8d08082ca8dd2d85cb6edbf5eb61ca63dacfe1db92eed9724346d3c39effa51d14dc65a23c767a4a184447032a19241482dd21
Score

10^/10

redline 456390 robot discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline456390robotdiscoveryinfostealerspywarestealer

behavioral2

redline456390robotdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy