redline | 30771966e27a617dec4499d5917d3fc8d4d3d67798c30c8b76a71238fbcfdfde | Triage

Submit
Reports

Overview

overview

Static

static

Vape Cracked.exe

windows7_x64

Vape Cracked.exe

windows10_x64

Vape Cracked.exe

windows7_x64

Vape Cracked.exe

windows10_x64

Vape Cracked.exe

windows7_x64

Vape Cracked.exe

windows10_x64

Resubmissions

10-12-2021 21:37

211210-1gxl9sbdcp 10

10-12-2021 21:24

211210-z83f6aaaa6 10

Sharing

General

Target

Vape Cracked.exe
Size

938KB
Sample

211210-1gxl9sbdcp
MD5

1b193fdc036eb7492aa6bbb46e3e7523
SHA1

7aed312bb4dba8be005725821d642a38803f9968
SHA256

30771966e27a617dec4499d5917d3fc8d4d3d67798c30c8b76a71238fbcfdfde
SHA512

5610d12159465787c9fddbd6642c47300023b52fab59f48e76eb873721b3b30a9a5da159befaab835a5c528e0c41a364496ac84408f01ee10bccd9948404a74a

Score

10^/10

redline @dollax1337 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Vape Cracked.exe

Resource

win7-en-20211208

redline @dollax1337 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Vape Cracked.exe

Resource

win10-en-20211208

redline @dollax1337 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Vape Cracked.exe

Resource

win7-en-20211208

redline @dollax1337 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

Vape Cracked.exe

Resource

win10-en-20211208

redline @dollax1337 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

Vape Cracked.exe

Resource

win7-en-20211208

redline @dollax1337 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

Vape Cracked.exe

Resource

win10-en-20211208

redline @dollax1337 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

@dollax1337

C2

185.215.113.82:31104

Targets

- Target
  
  Vape Cracked.exe
- Size
  
  938KB
- MD5
  
  1b193fdc036eb7492aa6bbb46e3e7523
- SHA1
  
  7aed312bb4dba8be005725821d642a38803f9968
- SHA256
  
  30771966e27a617dec4499d5917d3fc8d4d3d67798c30c8b76a71238fbcfdfde
- SHA512
  
  5610d12159465787c9fddbd6642c47300023b52fab59f48e76eb873721b3b30a9a5da159befaab835a5c528e0c41a364496ac84408f01ee10bccd9948404a74a
Score

10^/10

redline @dollax1337 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@dollax1337discoveryinfostealerspywarestealer

behavioral2

redline@dollax1337discoveryinfostealerspywarestealer

behavioral3

redline@dollax1337discoveryinfostealerspywarestealer

behavioral4

redline@dollax1337discoveryinfostealerspywarestealer

behavioral5

redline@dollax1337discoveryinfostealerspywarestealer

behavioral6

redline@dollax1337discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy