redline | 0b969852c5e1537663d690bfaf170f4a00d9986f54d8469e55cfbc9e5cb3fa5b | Triage

Submit
Reports

Overview

overview

Static

static

0b969852c5...84.exe

windows7_x64

3

0b969852c5...84.exe

windows10_x64

Sharing

General

Target

0b969852c5e1537663d690bfaf170f4a00d9986f54d84.exe
Size

116KB
Sample

211212-eym89sdcer
MD5

c2b56a031f17ee4633355ae5d70cb3a8
SHA1

1379afa68d4642d1f622a5a5479fd6899187e747
SHA256

0b969852c5e1537663d690bfaf170f4a00d9986f54d8469e55cfbc9e5cb3fa5b
SHA512

5359ba3ee78096372dc486b55fabf2234c42dfd4e13d7455b0ca054d1a8a84af364c4d2083e583047d7040c3e278c867b7a8f73ad638abf219f639793653e268

Score

10^/10

redline 3 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0b969852c5e1537663d690bfaf170f4a00d9986f54d84.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0b969852c5e1537663d690bfaf170f4a00d9986f54d84.exe

Resource

win10-en-20211208

redline 3 discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

3

C2

ginnalodaned.xyz:80

Targets

- Target
  
  0b969852c5e1537663d690bfaf170f4a00d9986f54d84.exe
- Size
  
  116KB
- MD5
  
  c2b56a031f17ee4633355ae5d70cb3a8
- SHA1
  
  1379afa68d4642d1f622a5a5479fd6899187e747
- SHA256
  
  0b969852c5e1537663d690bfaf170f4a00d9986f54d8469e55cfbc9e5cb3fa5b
- SHA512
  
  5359ba3ee78096372dc486b55fabf2234c42dfd4e13d7455b0ca054d1a8a84af364c4d2083e583047d7040c3e278c867b7a8f73ad638abf219f639793653e268
Score

10^/10

redline 3 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

redline3discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy