redline | d4e46ded5bca4a7086100e2296e9f434d357af08cc5153091834f0b6969133f6 | Triage

Submit
Reports

Overview

overview

Static

static

8

D4E46DED5B...15.exe

windows7-x64

D4E46DED5B...15.exe

windows10-2004-x64

8

Sharing

General

Target

D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe
Size

3.5MB
Sample

220806-mghw8adfcl
MD5

9ce5f14b8594d39723d696d393ed5cd5
SHA1

920a12bb0dce60d81d9b149a5d8fb8e7893ffd56
SHA256

d4e46ded5bca4a7086100e2296e9f434d357af08cc5153091834f0b6969133f6
SHA512

b0652648aa7b94764be0f27a4941680c6a7ba12b367713e2aac149be1ccd572ecaf1deca6d637e23f4995c04b636d240445f849bbc7bae7ffd6b3b441e7b1be6

Score

10^/10

redline 3 discovery infostealer spyware stealer vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe

Resource

win7-20220718-en

redline 3 discovery infostealer vmprotect

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe

Resource

win10v2004-20220721-en

discovery spyware stealer vmprotect

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

3

C2

95.217.188.140:33503

Attributes

auth_value
a34cc5e78c548506cf8a16e5ac230fff

Targets

- Target
  
  D4E46DED5BCA4A7086100E2296E9F434D357AF08CC515.exe
- Size
  
  3.5MB
- MD5
  
  9ce5f14b8594d39723d696d393ed5cd5
- SHA1
  
  920a12bb0dce60d81d9b149a5d8fb8e7893ffd56
- SHA256
  
  d4e46ded5bca4a7086100e2296e9f434d357af08cc5153091834f0b6969133f6
- SHA512
  
  b0652648aa7b94764be0f27a4941680c6a7ba12b367713e2aac149be1ccd572ecaf1deca6d637e23f4995c04b636d240445f849bbc7bae7ffd6b3b441e7b1be6
Score

10^/10

redline 3 discovery infostealer vmprotect spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline3discoveryinfostealervmprotect

behavioral2

discoveryspywarestealervmprotect

© 2018-2024

Terms | Privacy