redline | 3aadd92795daa18b5eecb1c387a1c9bab60cfc427fbce23e61d947b116d0ada4 | Triage

Submit
Reports

Overview

overview

Static

static

FL Studio/....0.exe

windows7_x64

3

FL Studio/....0.exe

windows10-2004_x64

Sharing

General

Target

FL Studio.zip
Size

4.4MB
Sample

220525-xd4pmacdf6
MD5

7cdb5138bb2c77e738dc2f4d44e77914
SHA1

63c2622261b32159a2d6e27b93637adac541a351
SHA256

3aadd92795daa18b5eecb1c387a1c9bab60cfc427fbce23e61d947b116d0ada4
SHA512

0ab177ca40cd86c4d2ab6b4869e655eb037a828af54bfd4ad3aae02b6014a857eca5414a24e4a95e15a648ecb1340b6616a437cca12e5234dd5083433ef4f07d

Score

10^/10

redline 1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

FL Studio/FL Studio 3.2.0.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FL Studio/FL Studio 3.2.0.exe

Resource

win10v2004-20220414-en

redline 1 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

185.106.92.81:16312

Attributes

auth_value
54b1ff720bb86daceb65cf07d4d5ae88

Targets

- Target
  
  FL Studio/FL Studio 3.2.0.exe
- Size
  
  391.3MB
- MD5
  
  b0c5ae4dec5a28e5c27ee33e2e1ab240
- SHA1
  
  d84c677bbcc05a6d28001566196f43374dfec74e
- SHA256
  
  792ea90eb358df40c67fb494300cd97397375f7ec46ef6311cfff06f7fa58de0
- SHA512
  
  dbe14ada46abd5b86fcc54e828876410b1223682a832b091e3cca31d40269f06554c3e5ad7ce043ab231856f0ae0ff7d539d1f88cf0140062c186335e95f7e05
Score

10^/10

redline 1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redline1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy