redline | 84bdcbcb4f0c101eaf448ef5c1d727590b3a35e08a9fd94cc21b500760c8d172 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

495KB
Sample

220908-j29c5abcbl
MD5

7535dc4b5014e5c1dc1fb7aaf71e9b90
SHA1

8aa410b2023938f6975f7aa176120e00e8c909bd
SHA256

84bdcbcb4f0c101eaf448ef5c1d727590b3a35e08a9fd94cc21b500760c8d172
SHA512

d423b6768a9f554da81c2087d6de3e2f03682d9fc26f17db0ecbe165238ca2dbd16120d761dd3f3b8171ac1d9fc8132d844f104af8d6a3d6195de5657a5ebc74
SSDEEP

6144:WEQjRQanNiWLZ/ZaaIJA9elvRlhan9WyH4lfVkri5owqQtBuRIxY3KPBbkAORmiY:WTR+C9GvHhan9WHqQj2SiawSW+

Score

10^/10

redline @forceddd_lzt infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

redline @forceddd_lzt infostealer spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

redline @forceddd_lzt infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@forceddd_lzt

C2

5.182.36.101:31305

Attributes

auth_value
91ffc3d776bc56b5c410d1adf5648512

Targets

- Target
  
  file.exe
- Size
  
  495KB
- MD5
  
  7535dc4b5014e5c1dc1fb7aaf71e9b90
- SHA1
  
  8aa410b2023938f6975f7aa176120e00e8c909bd
- SHA256
  
  84bdcbcb4f0c101eaf448ef5c1d727590b3a35e08a9fd94cc21b500760c8d172
- SHA512
  
  d423b6768a9f554da81c2087d6de3e2f03682d9fc26f17db0ecbe165238ca2dbd16120d761dd3f3b8171ac1d9fc8132d844f104af8d6a3d6195de5657a5ebc74
- SSDEEP
  
  6144:WEQjRQanNiWLZ/ZaaIJA9elvRlhan9WyH4lfVkri5owqQtBuRIxY3KPBbkAORmiY:WTR+C9GvHhan9WHqQj2SiawSW+
Score

10^/10

redline @forceddd_lzt infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@forceddd_lztinfostealerspyware

behavioral2

redline@forceddd_lztinfostealerspyware

© 2018-2024

Terms | Privacy