redline | aa7e5c5ab042b539c1ccaebe7c129bb54da0731be955dcfa328324ca776e3b01 | Triage

Submit
Reports

Overview

overview

Static

static

RQF #00811...L .exe

windows7_x64

3

RQF #00811...L .exe

windows10-2004_x64

Sharing

General

Target

RQF #00811-AL WASL .exe
Size

721KB
Sample

220331-rp47msdca4
MD5

3f8326ef5a02e2b20b6692ed3a4153ce
SHA1

5fa01330c418fc54fd57481f60a32eece6caa456
SHA256

aa7e5c5ab042b539c1ccaebe7c129bb54da0731be955dcfa328324ca776e3b01
SHA512

aabc56ae6c531c3402a4b399a9682eca99ff1198d1e8bbbdc2dfb201aed55d3036448af819363d38aaefd8674838969c7149e5821009759ecbf95c9269f6c6f3

Score

10^/10

redline jd discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

RQF #00811-AL WASL .exe

Resource

win7-20220311-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RQF #00811-AL WASL .exe

Resource

win10v2004-en-20220113

redline jd discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

jd

C2

96.47.234.207:15286

Targets

- Target
  
  RQF #00811-AL WASL .exe
- Size
  
  721KB
- MD5
  
  3f8326ef5a02e2b20b6692ed3a4153ce
- SHA1
  
  5fa01330c418fc54fd57481f60a32eece6caa456
- SHA256
  
  aa7e5c5ab042b539c1ccaebe7c129bb54da0731be955dcfa328324ca776e3b01
- SHA512
  
  aabc56ae6c531c3402a4b399a9682eca99ff1198d1e8bbbdc2dfb201aed55d3036448af819363d38aaefd8674838969c7149e5821009759ecbf95c9269f6c6f3
Score

10^/10

redline jd discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlinejddiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy