redline | 314e1f1a23b936b5935b897f53f8c091fbd7ed822bd38d662e5d065f8d8664c5 | Triage

Submit
Reports

Overview

overview

Static

static

0x00070000...50.exe

windows7-x64

0x00070000...50.exe

windows10-2004-x64

Sharing

General

Target

0x0007000000022e1c-150.dat
Size

137KB
Sample

221001-1ml3qaabgk
MD5

45010a30a3f1a88107bbae607667d8d5
SHA1

f1120474fdaaa5a68aad6bd569d57380effdf816
SHA256

314e1f1a23b936b5935b897f53f8c091fbd7ed822bd38d662e5d065f8d8664c5
SHA512

e27b84268b271477b347bc9cec99fdbcbe4ba06416104093b2f57baaa51290acd720d0f81d271bcf2f72fdc32c2f451447b041a3fc7ab3cb5c00fcce5972247a
SSDEEP

3072:qYO/ZMTF6qmAFzNVmbRqViVdPDFQyR0xhZSSoa:qYMZMB6qmA/cbRqV8xyxh

Score

10^/10

redline buk2 discovery infostealer spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0x0007000000022e1c-150.exe

Resource

win7-20220812-en

redline buk2 discovery infostealer spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x0007000000022e1c-150.exe

Resource

win10v2004-20220812-en

redline buk2 discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Buk2

C2

tyastazirowi.xyz:80

yaterirennin.xyz:80

Attributes

auth_value
813662de00b041e18fa868da733fca07

Targets

- Target
  
  0x0007000000022e1c-150.dat
- Size
  
  137KB
- MD5
  
  45010a30a3f1a88107bbae607667d8d5
- SHA1
  
  f1120474fdaaa5a68aad6bd569d57380effdf816
- SHA256
  
  314e1f1a23b936b5935b897f53f8c091fbd7ed822bd38d662e5d065f8d8664c5
- SHA512
  
  e27b84268b271477b347bc9cec99fdbcbe4ba06416104093b2f57baaa51290acd720d0f81d271bcf2f72fdc32c2f451447b041a3fc7ab3cb5c00fcce5972247a
- SSDEEP
  
  3072:qYO/ZMTF6qmAFzNVmbRqViVdPDFQyR0xhZSSoa:qYMZMB6qmA/cbRqV8xyxh
Score

10^/10

redline buk2 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinebuk2discoveryinfostealerspywarestealer

behavioral2

redlinebuk2discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy