redline | 9b47990bfd7bd783dadfd534c4ba4f2d67c8044b39f24cf62ff2d96c9f78b88c | Triage

Submit
Reports

Overview

overview

Static

static

0x00080000...71.exe

windows7_x64

0x00080000...71.exe

windows10-2004_x64

Sharing

General

Target

0x0008000000013a8b-71.dat
Size

102KB
Sample

220324-zkb93aahen
MD5

45ed3071803b83c772409ca27d59b450
SHA1

d5c8365847583db6ea84b09a4877d6e4b8d11a4a
SHA256

9b47990bfd7bd783dadfd534c4ba4f2d67c8044b39f24cf62ff2d96c9f78b88c
SHA512

c09c39bffc40c1521609190004ecae9191e9ab4d10c214c2f6ee42f9575e681f753fc12cb550688287f840c228fccd8ba56d7eebd4b2c845031c2cc060c03553

Score

10^/10

redline 1137502411 discovery infostealer spyware stealer

Static task

static1

1137502411 redline

Behavioral task

behavioral1

Sample

0x0008000000013a8b-71.exe

Resource

win7-20220310-en

redline 1137502411 infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0x0008000000013a8b-71.exe

Resource

win10v2004-en-20220113

redline 1137502411 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

1137502411

C2

193.232.179.34:20856

Attributes

auth_value
bf80dce2076c6f3cb9ed05b510f4060e

Targets

- Target
  
  0x0008000000013a8b-71.dat
- Size
  
  102KB
- MD5
  
  45ed3071803b83c772409ca27d59b450
- SHA1
  
  d5c8365847583db6ea84b09a4877d6e4b8d11a4a
- SHA256
  
  9b47990bfd7bd783dadfd534c4ba4f2d67c8044b39f24cf62ff2d96c9f78b88c
- SHA512
  
  c09c39bffc40c1521609190004ecae9191e9ab4d10c214c2f6ee42f9575e681f753fc12cb550688287f840c228fccd8ba56d7eebd4b2c845031c2cc060c03553
Score

10^/10

redline 1137502411 infostealer discovery spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

1137502411redline

behavioral1

redline1137502411infostealer

behavioral2

redline1137502411discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy