redline | 5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065 | Triage

Submit
Reports

Overview

overview

Static

static

785d2a137e...51.exe

windows7_x64

785d2a137e...51.exe

windows10-2004_x64

Sharing

General

Target

785d2a137e07c46e7ea165de0f16cb51
Size

1.2MB
Sample

220308-v9fasscgcn
MD5

785d2a137e07c46e7ea165de0f16cb51
SHA1

975258bbb7889f0ebabf1ef518cc673a56c6ab05
SHA256

5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065
SHA512

e7745cea21bb4c94db27dfe5e095bf59ea41a3e47294f0e9aa6a841d9525a868ef6d5a09a929ac01c5ebc8908a6fdb4fdeb4653e63ecdf024d0f83f33b69455d

Score

10^/10

redline 1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

785d2a137e07c46e7ea165de0f16cb51.exe

Resource

win7-en-20211208

redline 1 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

785d2a137e07c46e7ea165de0f16cb51.exe

Resource

win10v2004-en-20220112

redline 1 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

193.106.191.115:22844

Attributes

auth_value
03a75a697cd88e0f34b1f6c08b8bbba9

Targets

- Target
  
  785d2a137e07c46e7ea165de0f16cb51
- Size
  
  1.2MB
- MD5
  
  785d2a137e07c46e7ea165de0f16cb51
- SHA1
  
  975258bbb7889f0ebabf1ef518cc673a56c6ab05
- SHA256
  
  5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065
- SHA512
  
  e7745cea21bb4c94db27dfe5e095bf59ea41a3e47294f0e9aa6a841d9525a868ef6d5a09a929ac01c5ebc8908a6fdb4fdeb4653e63ecdf024d0f83f33b69455d
Score

10^/10

redline 1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline1discoveryinfostealerspywarestealer

behavioral2

redline1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy