redline | 36df1b8107d34e30f7cb609bd06f1008d7f92c24a7475d9428e15373aa6d9a8b | Triage

Submit
Reports

Overview

overview

Static

static

36df1b8107...in.exe

windows7_x64

36df1b8107...in.exe

windows10_x64

Sharing

General

Target

36df1b8107d34e30f7cb609bd06f1008d7f92c24a7475d9428e15373aa6d9a8b.bin.sample
Size

289KB
Sample

220127-s7hxssfgb3
MD5

e18d00380ca446a2e8e9b6ba9f4bc10c
SHA1

c012d7c5a8374805c31cf3dd3bfe52af562e704c
SHA256

36df1b8107d34e30f7cb609bd06f1008d7f92c24a7475d9428e15373aa6d9a8b
SHA512

ae9738815e1d6673a4a6de2d97309a4c46235cfc038789e82d1a228353e6ddbcaeadd4523b7fbd4a732d19efed8d4235d87166640b3ef94a117801577bce1fee

Score

10^/10

redline smokeloader backdoor collection discovery evasion infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

36df1b8107d34e30f7cb609bd06f1008d7f92c24a7475d9428e15373aa6d9a8b.bin.exe

Resource

win7-en-20211208

redline smokeloader backdoor discovery infostealer spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

36df1b8107d34e30f7cb609bd06f1008d7f92c24a7475d9428e15373aa6d9a8b.bin.exe

Resource

win10-en-20211208

redline smokeloader backdoor collection discovery evasion infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://nahbleiben.at/upload/

http://noblecreativeaz.com/upload/

http://tvqaq.cn/upload/

http://recmaster.ru/upload/

http://sovels.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Extracted

Family

redline

C2

45.32.171.34:42954

Targets

- Target
  
  36df1b8107d34e30f7cb609bd06f1008d7f92c24a7475d9428e15373aa6d9a8b.bin.sample
- Size
  
  289KB
- MD5
  
  e18d00380ca446a2e8e9b6ba9f4bc10c
- SHA1
  
  c012d7c5a8374805c31cf3dd3bfe52af562e704c
- SHA256
  
  36df1b8107d34e30f7cb609bd06f1008d7f92c24a7475d9428e15373aa6d9a8b
- SHA512
  
  ae9738815e1d6673a4a6de2d97309a4c46235cfc038789e82d1a228353e6ddbcaeadd4523b7fbd4a732d19efed8d4235d87166640b3ef94a117801577bce1fee
Score

10^/10

redline smokeloader backdoor discovery infostealer spyware stealer trojan collection evasion
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesmokeloaderbackdoordiscoveryinfostealerspywarestealertrojan

behavioral2

redlinesmokeloaderbackdoorcollectiondiscoveryevasioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy