redline | 1b6682493488bcfc14f1590ae09a72be594a78bd3aa5ea8cb00594904f8bc00b | Triage

Submit
Reports

Overview

overview

Static

static

932-55-0x0...ry.exe

windows7-x64

932-55-0x0...ry.exe

windows10-2004-x64

Sharing

General

Target

932-55-0x00000000002F0000-0x0000000000310000-memory.dmp
Size

128KB
Sample

220830-k81v1agbc7
MD5

86d1f16781d583fd7b38fd315ca1de8b
SHA1

4942fcb1ef6f13218e9113962dd5602eb461a7dd
SHA256

1b6682493488bcfc14f1590ae09a72be594a78bd3aa5ea8cb00594904f8bc00b
SHA512

9840e91767f1f1a9b7901d092aea72284c979cabf9781e28968239c357d1d763302240bbedd257a43a1b63ee99be32ac62564035e2492a78e3abf7bf1926d2b2
SSDEEP

3072:2cvFBQCYKpi8IVJFKTc1v/x54sqzJQ7Qc2fjTahR4EASN6:2cvOt4c5/x5mzcwahR4jS

Score

10^/10

redline verif01 discovery infostealer spyware stealer

Static task

static1

verif01 redline

2 signatures

Behavioral task

behavioral1

Sample

932-55-0x00000000002F0000-0x0000000000310000-memory.exe

Resource

win7-20220812-en

redline verif01 discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

932-55-0x00000000002F0000-0x0000000000310000-memory.exe

Resource

win10v2004-20220812-en

redline verif01 discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

VERIF01

C2

please.c0nnect2me.ru:7777

Attributes

auth_value
2eddda17dd5a8a8c16c28e7fe0f74b6c

Targets

- Target
  
  932-55-0x00000000002F0000-0x0000000000310000-memory.dmp
- Size
  
  128KB
- MD5
  
  86d1f16781d583fd7b38fd315ca1de8b
- SHA1
  
  4942fcb1ef6f13218e9113962dd5602eb461a7dd
- SHA256
  
  1b6682493488bcfc14f1590ae09a72be594a78bd3aa5ea8cb00594904f8bc00b
- SHA512
  
  9840e91767f1f1a9b7901d092aea72284c979cabf9781e28968239c357d1d763302240bbedd257a43a1b63ee99be32ac62564035e2492a78e3abf7bf1926d2b2
- SSDEEP
  
  3072:2cvFBQCYKpi8IVJFKTc1v/x54sqzJQ7Qc2fjTahR4EASN6:2cvOt4c5/x5mzcwahR4jS
Score

10^/10

redline verif01 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineverif01discoveryinfostealerspywarestealer

behavioral2

redlineverif01discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy