redline | ff5323a32673dda6983d1bc8a5840c7980ef231758b6128834d2e3432d53d790 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

ff5323a32673dda6983d1bc8a5840c7980ef231758b6128834d2e3432d53d790
Size

358KB
Sample

230103-182qasdb23
MD5

28ee8c7da8d0e960570a4f81eaee2d1a
SHA1

5ab7f96575352911f2d0cf7bf808c35b0e6aef87
SHA256

ff5323a32673dda6983d1bc8a5840c7980ef231758b6128834d2e3432d53d790
SHA512

016c48199401b51260375b60c75d5348fd90e281838aeec5f5b28b118b30e28dbc8b873cd2160514f56dcb584a95599fd348c8f67b3e467a513f5c96514b9fe5
SSDEEP

6144:AALS8KMuEODgHX/nBXld1Ua/2lXYDBN7JRGbv8inE8SDD0SV4b7i:AAm8KMuEjvD+wrS4Um4bu

Score

10^/10

redline sport discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ff5323a32673dda6983d1bc8a5840c7980ef231758b6128834d2e3432d53d790.exe

Resource

win7-20221111-en

redline sport discovery infostealer spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

ff5323a32673dda6983d1bc8a5840c7980ef231758b6128834d2e3432d53d790.exe

Resource

win10-20220901-en

redline sport discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

sport

C2

31.41.244.98:4063

Attributes

auth_value
82cce55eeb56b322651e98032c09d225

Targets

- Target
  
  ff5323a32673dda6983d1bc8a5840c7980ef231758b6128834d2e3432d53d790
- Size
  
  358KB
- MD5
  
  28ee8c7da8d0e960570a4f81eaee2d1a
- SHA1
  
  5ab7f96575352911f2d0cf7bf808c35b0e6aef87
- SHA256
  
  ff5323a32673dda6983d1bc8a5840c7980ef231758b6128834d2e3432d53d790
- SHA512
  
  016c48199401b51260375b60c75d5348fd90e281838aeec5f5b28b118b30e28dbc8b873cd2160514f56dcb584a95599fd348c8f67b3e467a513f5c96514b9fe5
- SSDEEP
  
  6144:AALS8KMuEODgHX/nBXld1Ua/2lXYDBN7JRGbv8inE8SDD0SV4b7i:AAm8KMuEjvD+wrS4Um4bu
Score

10^/10

redline sport discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesportdiscoveryinfostealerspywarestealer

behavioral2

redlinesportdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy