redline | acc0ecbdc7b7a0166f81f9c693f7f8f59ddd4fefb8f0cf3ea6717688db343830 | Triage

Submit
Reports

Overview

overview

Static

static

1a0e4cf791...b4.exe

windows7_x64

1a0e4cf791...b4.exe

windows10-2004_x64

Sharing

General

Target

1a0e4cf791bb4a29526d13c5bf0626b4.exe
Size

133KB
Sample

220705-tlbf9scfd4
MD5

1a0e4cf791bb4a29526d13c5bf0626b4
SHA1

126218596b341d0741e2f7a2ffb3b0df4df3ec53
SHA256

acc0ecbdc7b7a0166f81f9c693f7f8f59ddd4fefb8f0cf3ea6717688db343830
SHA512

b268f1c6e0d441c3e42e6988220fb3722cbaf047490ff8164c43406d6d6daf6f0a8a32d7b666e8b64eea0d2c79736bab2e6d6717e960cd7ec868d4588b307de6

Score

10^/10

redline 520 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

1a0e4cf791bb4a29526d13c5bf0626b4.exe

Resource

win7-20220414-en

redline 520 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1a0e4cf791bb4a29526d13c5bf0626b4.exe

Resource

win10v2004-20220414-en

redline 520 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

520

C2

20.115.64.44:48807

Attributes

auth_value
e1e1d5389e92e0d40c12ce3e3416fa74

Targets

- Target
  
  1a0e4cf791bb4a29526d13c5bf0626b4.exe
- Size
  
  133KB
- MD5
  
  1a0e4cf791bb4a29526d13c5bf0626b4
- SHA1
  
  126218596b341d0741e2f7a2ffb3b0df4df3ec53
- SHA256
  
  acc0ecbdc7b7a0166f81f9c693f7f8f59ddd4fefb8f0cf3ea6717688db343830
- SHA512
  
  b268f1c6e0d441c3e42e6988220fb3722cbaf047490ff8164c43406d6d6daf6f0a8a32d7b666e8b64eea0d2c79736bab2e6d6717e960cd7ec868d4588b307de6
Score

10^/10

redline 520 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline520discoveryinfostealerspywarestealer

behavioral2

redline520discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy