redline | efce2f63f699ace5119a260bf75471f818d81e948a903ed4ac4657a16b89f9de | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

efce2f63f699ace5119a260bf75471f818d81e948a903ed4ac4657a16b89f9de
Size

311KB
Sample

221105-ekysvafeen
MD5

80eba6fba683560bb8a1296911c9a530
SHA1

d9c3fcf909681db6f83a23e46999a5bc4f23d1b3
SHA256

efce2f63f699ace5119a260bf75471f818d81e948a903ed4ac4657a16b89f9de
SHA512

be12f3cdacefa9c215a73effe0f51b9d9a897a8d44120266fff25d99a79f7f06f96f429ecb5f3bdef2754fb5eee240a7ce6e3c14a08e9f761826e195a2f3a1ae
SSDEEP

6144:xh5ZRBLEQJFM15cBR69scAmM/y7szDUnbmaLOnK:TpBl8158cLc6SVnK

Score

10^/10

redline 1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

efce2f63f699ace5119a260bf75471f818d81e948a903ed4ac4657a16b89f9de.exe

Resource

win7-20220812-en

redline 1 discovery infostealer spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

efce2f63f699ace5119a260bf75471f818d81e948a903ed4ac4657a16b89f9de.exe

Resource

win10-20220812-en

redline 1 discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

164.90.146.32:41698

Attributes

auth_value
9b64659ae8aca5a45aee2af90a3cdeac

Targets

- Target
  
  efce2f63f699ace5119a260bf75471f818d81e948a903ed4ac4657a16b89f9de
- Size
  
  311KB
- MD5
  
  80eba6fba683560bb8a1296911c9a530
- SHA1
  
  d9c3fcf909681db6f83a23e46999a5bc4f23d1b3
- SHA256
  
  efce2f63f699ace5119a260bf75471f818d81e948a903ed4ac4657a16b89f9de
- SHA512
  
  be12f3cdacefa9c215a73effe0f51b9d9a897a8d44120266fff25d99a79f7f06f96f429ecb5f3bdef2754fb5eee240a7ce6e3c14a08e9f761826e195a2f3a1ae
- SSDEEP
  
  6144:xh5ZRBLEQJFM15cBR69scAmM/y7szDUnbmaLOnK:TpBl8158cLc6SVnK
Score

10^/10

redline 1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline1discoveryinfostealerspywarestealer

behavioral2

redline1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy