redline | a9ffffff38aca59d7d2f041fbdb253ca612c7ba2d597782b2e6a59a914f49b33 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

a9ffffff38aca59d7d2f041fbdb253ca612c7ba2d597782b2e6a59a914f49b33
Size

137KB
Sample

221113-fvjmcaae45
MD5

e63d74cec6926b2d04e474b889d08af4
SHA1

a64a888ccfb4e82ade71f1a00a7ae681d29c7bcb
SHA256

a9ffffff38aca59d7d2f041fbdb253ca612c7ba2d597782b2e6a59a914f49b33
SHA512

fd59c0a1c613611002e52a309ee4baad626df8fbbd8c0c230bcb8e6fed4a3059296ab11b88a1d25a0f54c65f730a027f876629298120f7b4c251bf6d2aaed148
SSDEEP

3072:dYO/ZMTFVx+2I3rG1fVLZncHzWF7cRPehvSSYn:dYMZMBVxFISn+zjpeh

Score

10^/10

redline boy discovery infostealer spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a9ffffff38aca59d7d2f041fbdb253ca612c7ba2d597782b2e6a59a914f49b33.exe

Resource

win7-20220812-en

redline boy discovery infostealer spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

a9ffffff38aca59d7d2f041fbdb253ca612c7ba2d597782b2e6a59a914f49b33.exe

Resource

win10-20220812-en

redline boy discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

boy

C2

77.73.134.241:4691

Attributes

auth_value
a91fa8cc2cfaefc42a23c03faef44bd3

Targets

- Target
  
  a9ffffff38aca59d7d2f041fbdb253ca612c7ba2d597782b2e6a59a914f49b33
- Size
  
  137KB
- MD5
  
  e63d74cec6926b2d04e474b889d08af4
- SHA1
  
  a64a888ccfb4e82ade71f1a00a7ae681d29c7bcb
- SHA256
  
  a9ffffff38aca59d7d2f041fbdb253ca612c7ba2d597782b2e6a59a914f49b33
- SHA512
  
  fd59c0a1c613611002e52a309ee4baad626df8fbbd8c0c230bcb8e6fed4a3059296ab11b88a1d25a0f54c65f730a027f876629298120f7b4c251bf6d2aaed148
- SSDEEP
  
  3072:dYO/ZMTFVx+2I3rG1fVLZncHzWF7cRPehvSSYn:dYMZMBVxFISn+zjpeh
Score

10^/10

redline boy discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineboydiscoveryinfostealerspywarestealer

behavioral2

redlineboydiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy