redline | 5bea873f424343d158a59032eba5e9d54a7e21634169eb6a95c9d6a11cd2b9f4 | Triage

Submit
Reports

Overview

overview

Static

static

b2ba97534d...2d.exe

windows7-x64

b2ba97534d...2d.exe

windows10-2004-x64

Sharing

General

Target

b2ba97534d4f06a680b89e7a72f9bd2d.exe
Size

107KB
Sample

220815-gm2cvsfafl
MD5

b2ba97534d4f06a680b89e7a72f9bd2d
SHA1

94621d3abcb442cabbdbb98bc8c348d87b63e55b
SHA256

5bea873f424343d158a59032eba5e9d54a7e21634169eb6a95c9d6a11cd2b9f4
SHA512

f1f5a01530f2bdd55ecfdf59005e4764ccdc57a6301431342ceca63e5428cbc717ec976b236ab71302b8b9ec80bca71714f41c2a4d8b0eb1c1fc227e235a1099

Score

10^/10

redline x discovery infostealer spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b2ba97534d4f06a680b89e7a72f9bd2d.exe

Resource

win7-20220812-en

redline x discovery infostealer spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2ba97534d4f06a680b89e7a72f9bd2d.exe

Resource

win10v2004-20220812-en

redline x discovery infostealer spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

X

C2

45.76.223.107:25950

Attributes

auth_value
249e1ece2f90b39d9c5563282076f21f

Targets

- Target
  
  b2ba97534d4f06a680b89e7a72f9bd2d.exe
- Size
  
  107KB
- MD5
  
  b2ba97534d4f06a680b89e7a72f9bd2d
- SHA1
  
  94621d3abcb442cabbdbb98bc8c348d87b63e55b
- SHA256
  
  5bea873f424343d158a59032eba5e9d54a7e21634169eb6a95c9d6a11cd2b9f4
- SHA512
  
  f1f5a01530f2bdd55ecfdf59005e4764ccdc57a6301431342ceca63e5428cbc717ec976b236ab71302b8b9ec80bca71714f41c2a4d8b0eb1c1fc227e235a1099
Score

10^/10

redline x discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexdiscoveryinfostealerspywarestealer

behavioral2

redlinexdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy