redline | 301dfd9b9e2dc5fc852d25e53cea283c36fee20e7cbc608d9c28858084a90992 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

2.6MB
Sample

220918-n9qyzabbg3
MD5

ea2ee29a1a67528d3e2d67aea4bedf84
SHA1

a419ed97bb40aa727f6d37b5f951328e06b0c0f6
SHA256

301dfd9b9e2dc5fc852d25e53cea283c36fee20e7cbc608d9c28858084a90992
SHA512

6b4e56eac83bb1fac23a3836aa318112078def274d5e8a4115b922ff8162b7dbc4bbcd7b784d3865cb190b5f459b4d8db0da49ab0488b750f2e6b7db0df280e4
SSDEEP

24576:K+3F6ZICERHY7Y0aISdaMMKcJo8YXLBzeQVaLcShCN/gITL/jKLLzh19Bl3RuQ50:K+3F6ICETtYLcUITL/jKb/l3W

Score

10^/10

redline @forceddd_lzt infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

redline @forceddd_lzt infostealer spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

redline @forceddd_lzt infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@forceddd_lzt

C2

5.182.36.101:31305

Attributes

auth_value
91ffc3d776bc56b5c410d1adf5648512

Targets

- Target
  
  file.exe
- Size
  
  2.6MB
- MD5
  
  ea2ee29a1a67528d3e2d67aea4bedf84
- SHA1
  
  a419ed97bb40aa727f6d37b5f951328e06b0c0f6
- SHA256
  
  301dfd9b9e2dc5fc852d25e53cea283c36fee20e7cbc608d9c28858084a90992
- SHA512
  
  6b4e56eac83bb1fac23a3836aa318112078def274d5e8a4115b922ff8162b7dbc4bbcd7b784d3865cb190b5f459b4d8db0da49ab0488b750f2e6b7db0df280e4
- SSDEEP
  
  24576:K+3F6ZICERHY7Y0aISdaMMKcJo8YXLBzeQVaLcShCN/gITL/jKLLzh19Bl3RuQ50:K+3F6ICETtYLcUITL/jKb/l3W
Score

10^/10

redline @forceddd_lzt infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@forceddd_lztinfostealerspyware

behavioral2

redline@forceddd_lztinfostealerspyware

© 2018-2024

Terms | Privacy