redline | 0f6fac67fa6f0c0a2c9828303c29c5a3427b49350f1f3e9a592aae632a32f6da | Triage

Submit
Reports

Overview

overview

Static

static

bind.exe

windows10-1703-x64

Sharing

General

Target

bind.exe
Size

388KB
Sample

220819-wjzr7agfcp
MD5

cc4eb344771336f98463f865de01f847
SHA1

9c1a1e2fb4d7679febabbb2f9407b15462a5ffbb
SHA256

0f6fac67fa6f0c0a2c9828303c29c5a3427b49350f1f3e9a592aae632a32f6da
SHA512

66dee51b79375dc997ccf5e7700cc79a768d8168bc2264d80ba6343fd5b6b5b702f6b98417d4024007ca655205dc68a49e61ce91a8eee7a7b95af8c1cbe54667
SSDEEP

6144:nZDcYLG0Lahyeq3SSz3qAyvRh3nSrbH1wzijcUOxkH8EG:JXbSJnSrblgUOx88

Score

10^/10

redline 1877 discovery infostealer spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bind.exe

Resource

win10-20220812-en

redline 1877 discovery infostealer spyware stealer

windows10-1703-x64

11 signatures

30 seconds

Malware Config

Extracted

Family

redline

Botnet

1877

C2

overthinker1877.duckdns.org:60732

Targets

- Target
  
  bind.exe
- Size
  
  388KB
- MD5
  
  cc4eb344771336f98463f865de01f847
- SHA1
  
  9c1a1e2fb4d7679febabbb2f9407b15462a5ffbb
- SHA256
  
  0f6fac67fa6f0c0a2c9828303c29c5a3427b49350f1f3e9a592aae632a32f6da
- SHA512
  
  66dee51b79375dc997ccf5e7700cc79a768d8168bc2264d80ba6343fd5b6b5b702f6b98417d4024007ca655205dc68a49e61ce91a8eee7a7b95af8c1cbe54667
- SSDEEP
  
  6144:nZDcYLG0Lahyeq3SSz3qAyvRh3nSrbH1wzijcUOxkH8EG:JXbSJnSrblgUOx88
Score

10^/10

redline 1877 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline1877discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy