redline | 7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0 | Triage

Submit
Reports

Overview

overview

Static

static

7eff4f2344...d0.exe

windows7-x64

7eff4f2344...d0.exe

windows10-2004-x64

Sharing

General

Target

7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0
Size

2.8MB
Sample

221005-c2mqssddel
MD5

bc0f88560edfbd4782b5731f3ee7cb08
SHA1

f5e9bd90666f80ff36dcc68b501e35cad94751df
SHA256

7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0
SHA512

d78dde3abc068e3f43e8784c7c62cf0b46c0e86c7ee2be7613a30fc4aba7c152a72ea73cd9b6990e892199df2b91121ab2daa0457b4722f0557a53fb91ad82e6
SSDEEP

49152:3XQXV7UeuVlzqiNV5qlWc0i0yf5Nh6lKa35l3l:3XQXV7Ueolz9fmvf5Nh6lB9

Score

10^/10

redline install infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0.exe

Resource

win7-20220812-en

redline install infostealer spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0.exe

Resource

win10v2004-20220812-en

redline install infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Install

C2

69.176.94.78:32244

Attributes

auth_value
262df95952285ebeabc4c91774e37776

Targets

- Target
  
  7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0
- Size
  
  2.8MB
- MD5
  
  bc0f88560edfbd4782b5731f3ee7cb08
- SHA1
  
  f5e9bd90666f80ff36dcc68b501e35cad94751df
- SHA256
  
  7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0
- SHA512
  
  d78dde3abc068e3f43e8784c7c62cf0b46c0e86c7ee2be7613a30fc4aba7c152a72ea73cd9b6990e892199df2b91121ab2daa0457b4722f0557a53fb91ad82e6
- SSDEEP
  
  49152:3XQXV7UeuVlzqiNV5qlWc0i0yf5Nh6lKa35l3l:3XQXV7Ueolz9fmvf5Nh6lB9
Score

10^/10

redline install infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineinstallinfostealerspyware

behavioral2

redlineinstallinfostealerspyware

© 2018-2024

Terms | Privacy