redline | def0a557e76910ab9d94e8e7e6915e552278258f1553cf98dbd75eca1370c32b | Triage

Submit
Reports

Overview

overview

Static

static

92d305d4c7...22.exe

windows7-x64

92d305d4c7...22.exe

windows10-2004-x64

Sharing

General

Target

92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22
Size

307KB
Sample

221121-xpqxxadb79
MD5

93e2ec4f655c6d4a363146826ea966a5
SHA1

502d6aeaccc795617b8e8c95473324513344c3bd
SHA256

def0a557e76910ab9d94e8e7e6915e552278258f1553cf98dbd75eca1370c32b
SHA512

0a0e463698e679605caaf41685da8abc24a35c9a022c040b7297ef256e84b0d5238c58214ba840c2c08cc655e475e79b2ae10d5209fdcc5fc5571b4c3c6fcd5f
SSDEEP

6144:OJCUjIPOyLD5XW/KyYyT5OuX9opfdf5s99KSbNS+pPjSx9qmXAEWea75o10oXpXj:0CUjqOIdElOuX9opf899KUS+pOxYTE7f

Score

10^/10

redline top1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22.exe

Resource

win7-20221111-en

redline top1 discovery infostealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22.exe

Resource

win10v2004-20221111-en

redline top1 discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

top1

C2

chardhesha.xyz:81

jalocliche.xyz:81

Attributes

auth_value
fa2afa98a6579319e36e31ee0552bd57

Targets

- Target
  
  92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22
- Size
  
  385KB
- MD5
  
  55b1fd7484074158f9e9e8f657ec5a94
- SHA1
  
  6988125039cbf77b4ff06fa75fa56975004d3333
- SHA256
  
  92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22
- SHA512
  
  a7b292cc74578308b4c3d129809119a96c6522185e05ddaefb294ae6636894a145383140d23b1d3217f300ee63646d6f185fdb02dcbd9ab0ee5d840aa49b4de9
- SSDEEP
  
  12288:3fW6EQ0byZvdEnOuX9opfM99K0S+pOxOTEh25D:3fCbyZvdEnFX9op2KQKdhA
Score

10^/10

redline top1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinetop1discoveryinfostealerspywarestealer

behavioral2

redlinetop1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy