redline | be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39baf2c34ebfc49b158cf | Triage

Submit
Reports

Overview

overview

Static

static

be06e503bd...39.exe

windows7_x64

be06e503bd...39.exe

windows10_x64

Sharing

General

Target

be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39.exe
Size

5.0MB
Sample

220125-vmz2pabfe2
MD5

897fdc53ce5f26017c224ccab9001e74
SHA1

987fa2dec584d70da3c12f78ac777ca571261131
SHA256

be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39baf2c34ebfc49b158cf
SHA512

ad52fea715a346f7377cfe131bc97da46c3f690a7f86e08b44feeb5857191b959eeee309394c6423e014e901a23dea77ec20b51ee581370fe4a5ba1cbd8c61ad

Score

10^/10

redline gladiator discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39.exe

Resource

win7-en-20211208

redline gladiator discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39.exe

Resource

win10-en-20211208

redline gladiator discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

GLADIATOR

C2

185.215.113.107:1433

Targets

- Target
  
  be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39.exe
- Size
  
  5.0MB
- MD5
  
  897fdc53ce5f26017c224ccab9001e74
- SHA1
  
  987fa2dec584d70da3c12f78ac777ca571261131
- SHA256
  
  be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39baf2c34ebfc49b158cf
- SHA512
  
  ad52fea715a346f7377cfe131bc97da46c3f690a7f86e08b44feeb5857191b959eeee309394c6423e014e901a23dea77ec20b51ee581370fe4a5ba1cbd8c61ad
Score

10^/10

redline gladiator discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinegladiatordiscoveryinfostealerspywarestealer

behavioral2

redlinegladiatordiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy