redline | 4138619c3bade8cd653d595d7e1007342dc0f7a4b5388d5a3956ffc4dce6dbed | Triage

Submit
Reports

Overview

overview

Static

static

Laoder.exe

windows7-x64

Laoder.exe

windows10-2004-x64

Sharing

General

Target

Laoder.bin
Size

1.2MB
Sample

221003-mq4kaagaf2
MD5

fea979a3fbed876b3a10991bd3d7d8e8
SHA1

f069611f03ebec2334c093d3763227b0cce517d1
SHA256

4138619c3bade8cd653d595d7e1007342dc0f7a4b5388d5a3956ffc4dce6dbed
SHA512

01f6a204627d19e17c17a27684ab4174da20414fe96d2ed4df4ee5c59b55ae34d2f74360dd32cde952bc151cf96751d43f72554c36ae90c051a0331d27d9c8a8
SSDEEP

24576:EwImQOoHGUZI5UrIYfYLY2TL74MPskdELk4+tysP6Ep:EwImQOoHTYUDCbgsPZp

Score

10^/10

redline infostealer spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

Laoder.exe

Resource

win7-20220812-en

redline infostealer spyware upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Laoder.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

185.215.113.83:60722

Attributes

auth_value
c4737ae3b1758fc2ea25fa8958afece9

Targets

- Target
  
  Laoder.bin
- Size
  
  1.2MB
- MD5
  
  fea979a3fbed876b3a10991bd3d7d8e8
- SHA1
  
  f069611f03ebec2334c093d3763227b0cce517d1
- SHA256
  
  4138619c3bade8cd653d595d7e1007342dc0f7a4b5388d5a3956ffc4dce6dbed
- SHA512
  
  01f6a204627d19e17c17a27684ab4174da20414fe96d2ed4df4ee5c59b55ae34d2f74360dd32cde952bc151cf96751d43f72554c36ae90c051a0331d27d9c8a8
- SSDEEP
  
  24576:EwImQOoHGUZI5UrIYfYLY2TL74MPskdELk4+tysP6Ep:EwImQOoHTYUDCbgsPZp
Score

10^/10

redline infostealer spyware upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinfostealerspywareupx

behavioral2

© 2018-2024

Terms | Privacy