redline | eb2fbb6206ae3f6783291e3bce4c451c20093ca6777fb769c19aecd1f3a3a36e | Triage

Submit
Reports

Overview

overview

Static

static

35557a3d1a...6b.exe

windows7-x64

35557a3d1a...6b.exe

windows10-2004-x64

Sharing

General

Target

35557a3d1a90bdd05dab601b81ef886b.exe
Size

207KB
Sample

220913-wd1gjacaaq
MD5

35557a3d1a90bdd05dab601b81ef886b
SHA1

b49f1df1e56c904162db24c187446ad0f8ed0873
SHA256

eb2fbb6206ae3f6783291e3bce4c451c20093ca6777fb769c19aecd1f3a3a36e
SHA512

5be3106a6f5e5f5021fe2b2a71334beacc46ef9e84649885dc293896e8738f0f8f02c3279142b19a11a269989acd9f6ab96eb086119c3629e6c2eb26b69f8bd8
SSDEEP

6144:kMK8BjzFwFVb+LkEu+zRhU9dR9pexYL6qsEOQL:pJlwFVb+LkEu+0dR9pCry

Score

10^/10

redline sep10as1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

35557a3d1a90bdd05dab601b81ef886b.exe

Resource

win7-20220812-en

redline sep10as1 discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

35557a3d1a90bdd05dab601b81ef886b.exe

Resource

win10v2004-20220901-en

redline sep10as1 discovery infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sep10as1

C2

185.215.113.122:15386

Attributes

auth_value
e45012eae57b2e57b34752fc802550c3

Targets

- Target
  
  35557a3d1a90bdd05dab601b81ef886b.exe
- Size
  
  207KB
- MD5
  
  35557a3d1a90bdd05dab601b81ef886b
- SHA1
  
  b49f1df1e56c904162db24c187446ad0f8ed0873
- SHA256
  
  eb2fbb6206ae3f6783291e3bce4c451c20093ca6777fb769c19aecd1f3a3a36e
- SHA512
  
  5be3106a6f5e5f5021fe2b2a71334beacc46ef9e84649885dc293896e8738f0f8f02c3279142b19a11a269989acd9f6ab96eb086119c3629e6c2eb26b69f8bd8
- SSDEEP
  
  6144:kMK8BjzFwFVb+LkEu+zRhU9dR9pexYL6qsEOQL:pJlwFVb+LkEu+0dR9pCry
Score

10^/10

redline sep10as1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesep10as1discoveryinfostealerspywarestealer

behavioral2

redlinesep10as1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy