redline | 2c03b271f9f6870ba2d36e812d737d841b3fec61d0f1404271af57cfee4610a8 | Triage

Submit
Reports

Overview

overview

Static

static

aue.exe

windows7_x64

aue.exe

windows10-2004_x64

Sharing

General

Target

aue.exe
Size

2.3MB
Sample

220421-xplm7afbh5
MD5

59fe49e18a0d7e34c341039b9e201a1b
SHA1

4dcff49906fc3edc5f56597ad5603de95406bd42
SHA256

2c03b271f9f6870ba2d36e812d737d841b3fec61d0f1404271af57cfee4610a8
SHA512

0f16da2dc9dee0e4779bcfb6cefb06be083ea1cc0c96ae3faa168d3c403f5ebfc8db116159112c25cc491544e355f4c777ff3d9d328794dfc5402e32e1403de5

Score

10^/10

redline install discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

aue.exe

Resource

win7-20220414-en

redline install discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

aue.exe

Resource

win10v2004-20220414-en

redline install discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

install

C2

193.150.103.38:40169

Attributes

auth_value
7b121606198c8456e17d49ab8c2d0e42

Targets

- Target
  
  aue.exe
- Size
  
  2.3MB
- MD5
  
  59fe49e18a0d7e34c341039b9e201a1b
- SHA1
  
  4dcff49906fc3edc5f56597ad5603de95406bd42
- SHA256
  
  2c03b271f9f6870ba2d36e812d737d841b3fec61d0f1404271af57cfee4610a8
- SHA512
  
  0f16da2dc9dee0e4779bcfb6cefb06be083ea1cc0c96ae3faa168d3c403f5ebfc8db116159112c25cc491544e355f4c777ff3d9d328794dfc5402e32e1403de5
Score

10^/10

redline install discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinstalldiscoveryinfostealerspywarestealer

behavioral2

redlineinstalldiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy