redline | 2105710d19c34b91be3a37c24ab4a4835dcdc606c0f2d8b487beb0d24e336124 | Triage

Submit
Reports

Overview

overview

Static

static

0b757d38d3...e8.exe

windows7_x64

0b757d38d3...e8.exe

windows10-2004_x64

Sharing

General

Target

0b757d38d347d1f763f59ab7f0423ae8.exe
Size

406KB
Sample

220605-h9h1gahaa4
MD5

0b757d38d347d1f763f59ab7f0423ae8
SHA1

fcf1b343ab5c7f9ac72fc6c85b3c478c5875f577
SHA256

2105710d19c34b91be3a37c24ab4a4835dcdc606c0f2d8b487beb0d24e336124
SHA512

0b9661590897256242ddc4ea43d069999e1ddca9d7fed671a6aa31a60f0da4bd820b8bb6c2502fa1b7979dea932375e2363e882e31379935751af1cdf2ce7d94

Score

10^/10

redline x infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

0b757d38d347d1f763f59ab7f0423ae8.exe

Resource

win7-20220414-en

redline x infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0b757d38d347d1f763f59ab7f0423ae8.exe

Resource

win10v2004-20220414-en

redline x infostealer spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

X

C2

194.127.179.35:35180

Attributes

auth_value
76e43cff05002e5f6e3334fa7946e404

Targets

- Target
  
  0b757d38d347d1f763f59ab7f0423ae8.exe
- Size
  
  406KB
- MD5
  
  0b757d38d347d1f763f59ab7f0423ae8
- SHA1
  
  fcf1b343ab5c7f9ac72fc6c85b3c478c5875f577
- SHA256
  
  2105710d19c34b91be3a37c24ab4a4835dcdc606c0f2d8b487beb0d24e336124
- SHA512
  
  0b9661590897256242ddc4ea43d069999e1ddca9d7fed671a6aa31a60f0da4bd820b8bb6c2502fa1b7979dea932375e2363e882e31379935751af1cdf2ce7d94
Score

10^/10

redline x infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexinfostealer

behavioral2

redlinexinfostealerspyware

© 2018-2024

Terms | Privacy