redline | a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445
Size

2.8MB
Sample

221206-ff6tbshe32
MD5

31a9a8c6d1d79fc6afdd9a5c991188f1
SHA1

d294e06685c76d32338585564ebe9c4ff49dd067
SHA256

a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445
SHA512

48e8d0a33ba514106fa95f1e8e2fdfb74083de0c2434b3d3bbb716cc8a78a66ee657044dd36b70291ce369ba75624f977560c32a5a96cefe7ee54a92f5e5500a
SSDEEP

49152:crvnXYyaoU7Efzua3KIVouFK+hByJPD6hXlunD3tzQ:crvnnUIfzD37FlW1QVm9E

Score

10^/10

redline 0512 infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445.exe

Resource

win7-20221111-en

redline 0512 infostealer spyware stealer

windows7-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445.exe

Resource

win10-20220901-en

redline 0512 infostealer spyware stealer

windows10-1703-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

0512

C2

81.161.229.143:26910

Attributes

auth_value
c020923553bd23ba826df75b6d76d4de

Targets

- Target
  
  a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445
- Size
  
  2.8MB
- MD5
  
  31a9a8c6d1d79fc6afdd9a5c991188f1
- SHA1
  
  d294e06685c76d32338585564ebe9c4ff49dd067
- SHA256
  
  a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445
- SHA512
  
  48e8d0a33ba514106fa95f1e8e2fdfb74083de0c2434b3d3bbb716cc8a78a66ee657044dd36b70291ce369ba75624f977560c32a5a96cefe7ee54a92f5e5500a
- SSDEEP
  
  49152:crvnXYyaoU7Efzua3KIVouFK+hByJPD6hXlunD3tzQ:crvnnUIfzD37FlW1QVm9E
Score

10^/10

redline 0512 infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline0512infostealerspywarestealer

behavioral2

redline0512infostealerspywarestealer

© 2018-2024

Terms | Privacy