redline | f576580f69157f1e64941256a721f74d38ae8b562281d631f9b864538871ef3d | Triage

Submit
Reports

Overview

overview

Static

static

EasyCheat.exe

windows7_x64

EasyCheat.exe

windows10_x64

Sharing

General

Target

EasyCheat.exe
Size

74KB
Sample

220126-s396gsefcp
MD5

76cd2291f9307d31ca70cc155bfef971
SHA1

e36c68f7bc50150dfb1f3ed54c6a3503f680852a
SHA256

f576580f69157f1e64941256a721f74d38ae8b562281d631f9b864538871ef3d
SHA512

da6c892b97f6d402be227c6ad6ad772824d5e6dfe3d8088ce51d22f26bd1d652472e743aac0fb3a83f96f4d686b3b6c13b074e0c592f43a68a4881da5544919e

Score

10^/10

redline panel discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

EasyCheat.exe

Resource

win7-en-20211208

redline panel discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

EasyCheat.exe

Resource

win10-en-20211208

redline panel discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

Panel

C2

185.128.107.102:6886

Targets

- Target
  
  EasyCheat.exe
- Size
  
  74KB
- MD5
  
  76cd2291f9307d31ca70cc155bfef971
- SHA1
  
  e36c68f7bc50150dfb1f3ed54c6a3503f680852a
- SHA256
  
  f576580f69157f1e64941256a721f74d38ae8b562281d631f9b864538871ef3d
- SHA512
  
  da6c892b97f6d402be227c6ad6ad772824d5e6dfe3d8088ce51d22f26bd1d652472e743aac0fb3a83f96f4d686b3b6c13b074e0c592f43a68a4881da5544919e
Score

10^/10

redline panel discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepaneldiscoveryinfostealerspywarestealer

behavioral2

redlinepaneldiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy