redline | 86313af86b044fa4998f50c78a73e168d50d3a48d1e65d44584d6d5c7df52b0d | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

86313AF86B044FA4998F50C78A73E168D50D3A48D1E65D44584D6D5C7DF52B0D
Size

2.5MB
Sample

220812-bl7klahcb6
MD5

98180fcc5fd2a110e991fb70573ee290
SHA1

60cef139fb0b713caba022dc62f07a2a19f2fd01
SHA256

86313af86b044fa4998f50c78a73e168d50d3a48d1e65d44584d6d5c7df52b0d
SHA512

050a86eae43854c5858f781ed5897c6f44d467639132a5b335a523ebf294509919cb018dd782255f634efb8dc99f53c707773fff4b02ed1af5491df3af379d55

Score

10^/10

redline xmrig ytstealer infostealer miner persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

86313AF86B044FA4998F50C78A73E168D50D3A48D1E65D44584D6D5C7DF52B0D.exe

Resource

win7-20220715-en

redline infostealer spyware

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

86313AF86B044FA4998F50C78A73E168D50D3A48D1E65D44584D6D5C7DF52B0D.exe

Resource

win10-20220722-en

redline xmrig ytstealer infostealer miner persistence spyware stealer upx

windows10-1703-x64

20 signatures

300 seconds

Malware Config

Extracted

Family

redline

C2

62.204.41.141:24758

Attributes

auth_value
696026fc51b785eaab70bf29592a77da

Targets

- Target
  
  86313AF86B044FA4998F50C78A73E168D50D3A48D1E65D44584D6D5C7DF52B0D
- Size
  
  2.5MB
- MD5
  
  98180fcc5fd2a110e991fb70573ee290
- SHA1
  
  60cef139fb0b713caba022dc62f07a2a19f2fd01
- SHA256
  
  86313af86b044fa4998f50c78a73e168d50d3a48d1e65d44584d6d5c7df52b0d
- SHA512
  
  050a86eae43854c5858f781ed5897c6f44d467639132a5b335a523ebf294509919cb018dd782255f634efb8dc99f53c707773fff4b02ed1af5491df3af379d55
Score

10^/10

redline infostealer spyware xmrig ytstealer miner persistence stealer upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- YTStealer
  YTStealer is a malware designed to steal YouTube authentication cookies.
  stealer ytstealer
- YTStealer payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlineinfostealerspyware

behavioral2

redlinexmrigytstealerinfostealerminerpersistencespywarestealerupx

© 2018-2024

Terms | Privacy