redline | a8d997ec0a35b5e1b9006dc4a90d4aa037c57ad3741f943e55bb473b468bc99b | Triage

Submit
Reports

Overview

overview

Static

static

setup.exe

windows7-x64

setup.exe

windows10-2004-x64

Sharing

General

Target

a8d997ec0a35b5e1b9006dc4a90d4aa037c57ad3741f943e55bb473b468bc99b
Size

442KB
Sample

220826-wwantsghh3
MD5

678e0c01043f8ab78e96c6f0c6766964
SHA1

5d6b7ac73d01c2214eaec1d4c0fdc171f5121e4c
SHA256

a8d997ec0a35b5e1b9006dc4a90d4aa037c57ad3741f943e55bb473b468bc99b
SHA512

ffe90e168479544b4c465a8dc481d0c9a8306967b33408434681c241348cd6b69a182665c06c9f6e4f374dff5e399b7cd1d49c01458907e93edcc6ab61afcb25
SSDEEP

12288:Qx6BuMT9xTF5g/NvuqRr/ZEqMBEOXJFl1bbB0AiBr:Qx6oMT9xTF5glvuqNMmG1bbuAUr

Score

10^/10

redline megamillion discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

setup.exe

Resource

win7-20220812-en

redline megamillion discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

setup.exe

Resource

win10v2004-20220812-en

redline megamillion discovery infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

megamillion

C2

118.107.23.69:37132

Attributes

auth_value
39bff8ca97cd0aebbdf6070fb26fa650

Targets

- Target
  
  setup.exe
- Size
  
  460KB
- MD5
  
  357e1c60b7ca2bdaf8abaae8e17f345d
- SHA1
  
  95ee4100cb534db9b4f03fa8585c53bb14e7bd46
- SHA256
  
  7dfa267590515ca9e121b4ec618f1fbb988d8bcbdfa4ad27d1fd48a019707812
- SHA512
  
  787d51928df94ccd100d095412c6b5482a1ad4770e0e5f0532fe053bc870cddb1d1611ef0347ba639f14afe85e7f20a564113a14faf949ffe9105ed7901d480b
- SSDEEP
  
  6144:aHKlQVdaSHW6Oyx1WtLZnSVcU7NNfA/hPbE5Phvy/pu6agye9oZfFXgfcGVR6+Mj:iWuj6tKcgfA/2vvQpPf2pgtuEN6qg
Score

10^/10

redline megamillion discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinemegamilliondiscoveryinfostealerspywarestealer

behavioral2

redlinemegamilliondiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy