redline | 10c46c22bc98176fa5cdfcd547aab92739a0746b51d4a8385a7775f395b20311 | Triage

Submit
Reports

Overview

overview

Static

static

GeneratedStub.exe

windows7_x64

GeneratedStub.exe

windows10-2004_x64

Sharing

General

Target

GeneratedStub.exe
Size

104KB
Sample

220615-1tks8sfhd4
MD5

5d125934873e0583f3d6c21f7256f357
SHA1

a4a93b4dec7f32c716eee45fb104c7a8638526f9
SHA256

10c46c22bc98176fa5cdfcd547aab92739a0746b51d4a8385a7775f395b20311
SHA512

5a0f343f7ef5136295d2989298ce4b652c11b246d7f5aeff72dbbb134f03c0eb6e434c05c9233a4c223e4677eabeb39a8ee3decae13c26bd079e55d2d3c772e2

Score

10^/10

redline hello discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

GeneratedStub.exe

Resource

win7-20220414-en

redline hello infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GeneratedStub.exe

Resource

win10v2004-20220414-en

redline hello discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

hello

C2

212.192.246.68:22378

Attributes

auth_value
657aef04a49cf463fcc5f58eaaa85930

Targets

- Target
  
  GeneratedStub.exe
- Size
  
  104KB
- MD5
  
  5d125934873e0583f3d6c21f7256f357
- SHA1
  
  a4a93b4dec7f32c716eee45fb104c7a8638526f9
- SHA256
  
  10c46c22bc98176fa5cdfcd547aab92739a0746b51d4a8385a7775f395b20311
- SHA512
  
  5a0f343f7ef5136295d2989298ce4b652c11b246d7f5aeff72dbbb134f03c0eb6e434c05c9233a4c223e4677eabeb39a8ee3decae13c26bd079e55d2d3c772e2
Score

10^/10

redline hello infostealer spyware stealer discovery
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinehelloinfostealerspywarestealer

behavioral2

redlinehellodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy