redline | aaf2bb6ec3848842acc9e7c4ce6eca304f3adf4750e18a0ba53ad124445f4826 | Triage

Submit
Reports

Overview

overview

Static

static

b67d29172e...f1.exe

windows7_x64

b67d29172e...f1.exe

windows10-2004_x64

Sharing

General

Target

b67d29172e65df8ad67bb1bcb2a91ef1.exe
Size

107KB
Sample

220521-pq6qrafha4
MD5

b67d29172e65df8ad67bb1bcb2a91ef1
SHA1

49c759419071cb33da48a3355e872792112af69d
SHA256

aaf2bb6ec3848842acc9e7c4ce6eca304f3adf4750e18a0ba53ad124445f4826
SHA512

91f23742184cd0341a116e3bd259dbca13ebbf1355a1726167b0a009e2e4cf46d236d3cbedd0b40e4f04c42c4520e7e99140898d3752dbf1d97b03ef52a015e4

Score

10^/10

redline stepme#4 discovery infostealer spyware stealer

Static task

static1

stepme#4 redline

Behavioral task

behavioral1

Sample

b67d29172e65df8ad67bb1bcb2a91ef1.exe

Resource

win7-20220414-en

redline stepme#4 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b67d29172e65df8ad67bb1bcb2a91ef1.exe

Resource

win10v2004-20220414-en

redline stepme#4 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

stepme#4

C2

51.89.155.45:22595

Attributes

auth_value
cae2ff6a126e46df01eaadfb927c199b

Targets

- Target
  
  b67d29172e65df8ad67bb1bcb2a91ef1.exe
- Size
  
  107KB
- MD5
  
  b67d29172e65df8ad67bb1bcb2a91ef1
- SHA1
  
  49c759419071cb33da48a3355e872792112af69d
- SHA256
  
  aaf2bb6ec3848842acc9e7c4ce6eca304f3adf4750e18a0ba53ad124445f4826
- SHA512
  
  91f23742184cd0341a116e3bd259dbca13ebbf1355a1726167b0a009e2e4cf46d236d3cbedd0b40e4f04c42c4520e7e99140898d3752dbf1d97b03ef52a015e4
Score

10^/10

redline stepme#4 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

stepme#4redline

behavioral1

redlinestepme#4discoveryinfostealerspywarestealer

behavioral2

redlinestepme#4discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy