redline | b68102eac02c085ecd5827133a4923806e23b9d5548206103759b7de28357a05 | Triage

Submit
Reports

Overview

overview

Static

static

7ecebd28e0...e9.exe

windows7-x64

7ecebd28e0...e9.exe

windows10-2004-x64

Sharing

General

Target

7ecebd28e0b5a7913e7523e6ff6f5fe9.exe
Size

1.2MB
Sample

221115-3y1flacd3t
MD5

7ecebd28e0b5a7913e7523e6ff6f5fe9
SHA1

c16f9b7c14c037ab414be6f8d70e8e600c30c99c
SHA256

b68102eac02c085ecd5827133a4923806e23b9d5548206103759b7de28357a05
SHA512

c6e8aac4bf0645bf66d84d4a9e53437d857893911fa6a0b850ca660094c450b90e9f650b793830e2e4653e48649c5504dcab259ea8d49ee3683fffab85ed06ae
SSDEEP

24576:TC1IY8Y04oieNMgPAQMuPkVZq79sR0D/7vUy0:TCCBVJsisy0

Score

10^/10

redline love infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

7ecebd28e0b5a7913e7523e6ff6f5fe9.exe

Resource

win7-20220812-en

redline love infostealer spyware

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

7ecebd28e0b5a7913e7523e6ff6f5fe9.exe

Resource

win10v2004-20220812-en

redline love infostealer spyware

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

love

C2

45.15.157.0:22789

Attributes

auth_value
f2b8ce19d1b1584a3972de28dfe5bf40

Targets

- Target
  
  7ecebd28e0b5a7913e7523e6ff6f5fe9.exe
- Size
  
  1.2MB
- MD5
  
  7ecebd28e0b5a7913e7523e6ff6f5fe9
- SHA1
  
  c16f9b7c14c037ab414be6f8d70e8e600c30c99c
- SHA256
  
  b68102eac02c085ecd5827133a4923806e23b9d5548206103759b7de28357a05
- SHA512
  
  c6e8aac4bf0645bf66d84d4a9e53437d857893911fa6a0b850ca660094c450b90e9f650b793830e2e4653e48649c5504dcab259ea8d49ee3683fffab85ed06ae
- SSDEEP
  
  24576:TC1IY8Y04oieNMgPAQMuPkVZq79sR0D/7vUy0:TCCBVJsisy0
Score

10^/10

redline love infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineloveinfostealerspyware

behavioral2

redlineloveinfostealerspyware

© 2018-2024

Terms | Privacy