redline | 089aec6e06c67b19eb17226592c932c7b83b8d3f8aa2a3339205c1ca8e64a389 | Triage

Submit
Reports

Overview

overview

Static

static

089AEC6E06...2A.exe

windows7-x64

089AEC6E06...2A.exe

windows10-2004-x64

Sharing

General

Target

089AEC6E06C67B19EB17226592C932C7B83B8D3F8AA2A.exe
Size

471KB
Sample

221206-1w72jsbb5t
MD5

99593bb17ce4e7d021d42f0244c78c7c
SHA1

33645c568325d0b6aa057e739c7fe3198dbbee02
SHA256

089aec6e06c67b19eb17226592c932c7b83b8d3f8aa2a3339205c1ca8e64a389
SHA512

5864ca0b756670d3aff0b8da1a4b07f8b9e9477e8e1f8777d22e0d18fc573a762bc94a3310358ae47b45a3a0a1b538b25e4702598ef4fcecb53580e017353594
SSDEEP

12288:aSonNv62ZocpPe+4RBbWUI/RgpSlgUlvCa:vGYN/FMMSlgUx

Score

10^/10

redline eunewdomain1 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

089AEC6E06C67B19EB17226592C932C7B83B8D3F8AA2A.exe

Resource

win7-20221111-en

redline eunewdomain1 discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

089AEC6E06C67B19EB17226592C932C7B83B8D3F8AA2A.exe

Resource

win10v2004-20221111-en

redline eunewdomain1 infostealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Eunewdomain1

C2

hrabrlonian.xyz:81

Attributes

auth_value
c7e61afc90a97addce2ecac4aaac2680

Targets

- Target
  
  089AEC6E06C67B19EB17226592C932C7B83B8D3F8AA2A.exe
- Size
  
  471KB
- MD5
  
  99593bb17ce4e7d021d42f0244c78c7c
- SHA1
  
  33645c568325d0b6aa057e739c7fe3198dbbee02
- SHA256
  
  089aec6e06c67b19eb17226592c932c7b83b8d3f8aa2a3339205c1ca8e64a389
- SHA512
  
  5864ca0b756670d3aff0b8da1a4b07f8b9e9477e8e1f8777d22e0d18fc573a762bc94a3310358ae47b45a3a0a1b538b25e4702598ef4fcecb53580e017353594
- SSDEEP
  
  12288:aSonNv62ZocpPe+4RBbWUI/RgpSlgUlvCa:vGYN/FMMSlgUx
Score

10^/10

redline eunewdomain1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineeunewdomain1discoveryinfostealerspywarestealer

behavioral2

redlineeunewdomain1infostealer

© 2018-2024

Terms | Privacy