redline | 5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce | Triage

Submit
Reports

Overview

overview

Static

static

5292b8004f...ce.exe

windows7-x64

5292b8004f...ce.exe

windows10-2004-x64

Sharing

General

Target

5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce.exe
Size

450KB
Sample

221018-y37m9aebal
MD5

47d4b2fd7654ad71026eb66dd2aa5d97
SHA1

dabbda8e945fadee09c5bbee1b0ed9a4036038f5
SHA256

5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce
SHA512

3412e220dfcfa4401b03e0ca36c55c03f65bc92016a5a52db625a16c4e1171b1305477e9b461f3aaffeafcae99ccfdf1c9e4729695007718469bda1d753f28f1
SSDEEP

6144:Z8fFQo+7Q0H3y+nvEGiBpYbgBUR4JttcBDlxdwpfxfBThM9eo1I7u0Kry2wej99u:ZYFiISM5jY9IfBTy9eo1dC

Score

10^/10

redline nam6.1 infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce.exe

Resource

win7-20220812-en

redline nam6.1 infostealer spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce.exe

Resource

win10v2004-20220901-en

redline nam6.1 infostealer spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

nam6.1

C2

103.89.90.61:34589

Attributes

auth_value
5a3c8b8880f6d03e2acaaa0ba12776e3

Targets

- Target
  
  5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce.exe
- Size
  
  450KB
- MD5
  
  47d4b2fd7654ad71026eb66dd2aa5d97
- SHA1
  
  dabbda8e945fadee09c5bbee1b0ed9a4036038f5
- SHA256
  
  5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce
- SHA512
  
  3412e220dfcfa4401b03e0ca36c55c03f65bc92016a5a52db625a16c4e1171b1305477e9b461f3aaffeafcae99ccfdf1c9e4729695007718469bda1d753f28f1
- SSDEEP
  
  6144:Z8fFQo+7Q0H3y+nvEGiBpYbgBUR4JttcBDlxdwpfxfBThM9eo1I7u0Kry2wej99u:ZYFiISM5jY9IfBTy9eo1dC
Score

10^/10

redline nam6.1 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinenam6.1infostealerspyware

behavioral2

redlinenam6.1infostealerspyware

© 2018-2024

Terms | Privacy