redline | 6f4d0be0c5e4824c213ca020779cee9279d0ed576c2a13d058ecfd992ade3d9e | Triage

Submit
Reports

Overview

overview

Static

static

a237f8b9bb...3e.exe

windows7_x64

a237f8b9bb...3e.exe

windows10_x64

Sharing

General

Target

a237f8b9bbc300dcd1ea0dd7688ec23e
Size

426KB
Sample

211129-kw6wgsbhcm
MD5

a237f8b9bbc300dcd1ea0dd7688ec23e
SHA1

26676fc0f70f8233fe8a87d538dcd11e9dba37ad
SHA256

6f4d0be0c5e4824c213ca020779cee9279d0ed576c2a13d058ecfd992ade3d9e
SHA512

4c6035a94c98028e01bb46d7c72467430037139465f04b6a6965fba3911102e3be9d265dadcf71415819d4054487aa690302075c3caaf025739255dc17f74a4a

Score

10^/10

redline bbtt1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a237f8b9bbc300dcd1ea0dd7688ec23e.exe

Resource

win7-en-20211104

redline bbtt1 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a237f8b9bbc300dcd1ea0dd7688ec23e.exe

Resource

win10-en-20211014

redline bbtt1 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

bbtt1

C2

212.193.30.196:13040

Targets

- Target
  
  a237f8b9bbc300dcd1ea0dd7688ec23e
- Size
  
  426KB
- MD5
  
  a237f8b9bbc300dcd1ea0dd7688ec23e
- SHA1
  
  26676fc0f70f8233fe8a87d538dcd11e9dba37ad
- SHA256
  
  6f4d0be0c5e4824c213ca020779cee9279d0ed576c2a13d058ecfd992ade3d9e
- SHA512
  
  4c6035a94c98028e01bb46d7c72467430037139465f04b6a6965fba3911102e3be9d265dadcf71415819d4054487aa690302075c3caaf025739255dc17f74a4a
Score

10^/10

redline bbtt1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinebbtt1discoveryinfostealerspywarestealer

behavioral2

redlinebbtt1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy