redline | 308fcf160e8a3e3956eae1a8a2285d06813dd879104601e884b5af4c960ca82a | Triage

Submit
Reports

Overview

overview

Static

static

308FCF160E...60.exe

windows7_x64

308FCF160E...60.exe

windows10-2004_x64

Sharing

General

Target

308FCF160E8A3E3956EAE1A8A2285D06813DD87910460.exe
Size

106KB
Sample

220610-t2g9raheh9
MD5

a46648b2dd6e96562b144ae36956f123
SHA1

caa5d0f31b1dcc21e2267a2b240d35e1c7ce769a
SHA256

308fcf160e8a3e3956eae1a8a2285d06813dd879104601e884b5af4c960ca82a
SHA512

311fd32bd11758d72be1324666bc8e504682e48095698cef6d65ced0422a53f636fbf4cb66348f37e945fb043cf590a57b368a64d9516e47bb04b1a53e56ec52

Score

10^/10

redline 10 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

308FCF160E8A3E3956EAE1A8A2285D06813DD87910460.exe

Resource

win7-20220414-en

redline 10 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

308FCF160E8A3E3956EAE1A8A2285D06813DD87910460.exe

Resource

win10v2004-20220414-en

redline 10 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

10

C2

179.43.154.136:6001

Attributes

auth_value
d695bfb18b65b93b53b6583424227f3c

Targets

- Target
  
  308FCF160E8A3E3956EAE1A8A2285D06813DD87910460.exe
- Size
  
  106KB
- MD5
  
  a46648b2dd6e96562b144ae36956f123
- SHA1
  
  caa5d0f31b1dcc21e2267a2b240d35e1c7ce769a
- SHA256
  
  308fcf160e8a3e3956eae1a8a2285d06813dd879104601e884b5af4c960ca82a
- SHA512
  
  311fd32bd11758d72be1324666bc8e504682e48095698cef6d65ced0422a53f636fbf4cb66348f37e945fb043cf590a57b368a64d9516e47bb04b1a53e56ec52
Score

10^/10

redline 10 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline10discoveryinfostealerspywarestealer

behavioral2

redline10discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy