redline | 33b73473e3c2757d2dc7f3e1dd94d06cdb2aff24cf32c8a8cd5ae44decb21e6d | Triage

Submit
Reports

Overview

overview

Static

static

f4478de1df...4b.exe

windows7_x64

f4478de1df...4b.exe

windows10-2004_x64

Sharing

General

Target

f4478de1dfeb26dae509d2c5f20eeb4b.exe
Size

315KB
Sample

220330-f6mhdagfg5
MD5

f4478de1dfeb26dae509d2c5f20eeb4b
SHA1

ff35f32a4a43a54512517f3e022c17fdbf918b05
SHA256

33b73473e3c2757d2dc7f3e1dd94d06cdb2aff24cf32c8a8cd5ae44decb21e6d
SHA512

5a8c96f040c11460d16968493b1d375a4f804539409ef5c9928fbea1c6fd75a572f76c099595c444b79065932ee6a6aad820cb8c8558ad88f58dd21301035c18

Score

10^/10

redline shop discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f4478de1dfeb26dae509d2c5f20eeb4b.exe

Resource

win7-20220310-en

redline shop discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f4478de1dfeb26dae509d2c5f20eeb4b.exe

Resource

win10v2004-en-20220113

redline shop discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

SHOP

C2

81.91.178.186:19410

Attributes

auth_value
7273a6cb679b168231d3174961c76baa

Targets

- Target
  
  f4478de1dfeb26dae509d2c5f20eeb4b.exe
- Size
  
  315KB
- MD5
  
  f4478de1dfeb26dae509d2c5f20eeb4b
- SHA1
  
  ff35f32a4a43a54512517f3e022c17fdbf918b05
- SHA256
  
  33b73473e3c2757d2dc7f3e1dd94d06cdb2aff24cf32c8a8cd5ae44decb21e6d
- SHA512
  
  5a8c96f040c11460d16968493b1d375a4f804539409ef5c9928fbea1c6fd75a572f76c099595c444b79065932ee6a6aad820cb8c8558ad88f58dd21301035c18
Score

10^/10

redline shop discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineshopdiscoveryinfostealerspywarestealer

behavioral2

redlineshopdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy