redline | 7e13b960bace017bbe7bd375f8bc4f6b32f6dc325a25494876dd5d90bd395ace | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

7e13b960bace017bbe7bd375f8bc4f6b32f6dc325a25494876dd5d90bd395ace
Size

330KB
Sample

230103-18aa2sda93
MD5

3ac6a51b0cba1b5fde2def34f0f34c9e
SHA1

8322abc5d56ee0a8b388ca6286ae923ecca3d667
SHA256

7e13b960bace017bbe7bd375f8bc4f6b32f6dc325a25494876dd5d90bd395ace
SHA512

7df4b50ead6f04e914c6404dbd59ee9ba0d6b64ef54f7636f02309777641b52be01ffb9516722532bb76dc39bc2f3322470bfdde87a73a47a37079a1302633d2
SSDEEP

6144:3LhLLHHFrr6v+2xXy/5wiwzaQOpkpjrOR3YNKWw8:3LhfHFrw+yX05BiXOpmr/+

Score

10^/10

redline sport discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

7e13b960bace017bbe7bd375f8bc4f6b32f6dc325a25494876dd5d90bd395ace.exe

Resource

win7-20221111-en

redline sport discovery infostealer spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

7e13b960bace017bbe7bd375f8bc4f6b32f6dc325a25494876dd5d90bd395ace.exe

Resource

win10-20220901-en

redline sport discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

sport

C2

31.41.244.98:4063

Attributes

auth_value
82cce55eeb56b322651e98032c09d225

Targets

- Target
  
  7e13b960bace017bbe7bd375f8bc4f6b32f6dc325a25494876dd5d90bd395ace
- Size
  
  330KB
- MD5
  
  3ac6a51b0cba1b5fde2def34f0f34c9e
- SHA1
  
  8322abc5d56ee0a8b388ca6286ae923ecca3d667
- SHA256
  
  7e13b960bace017bbe7bd375f8bc4f6b32f6dc325a25494876dd5d90bd395ace
- SHA512
  
  7df4b50ead6f04e914c6404dbd59ee9ba0d6b64ef54f7636f02309777641b52be01ffb9516722532bb76dc39bc2f3322470bfdde87a73a47a37079a1302633d2
- SSDEEP
  
  6144:3LhLLHHFrr6v+2xXy/5wiwzaQOpkpjrOR3YNKWw8:3LhfHFrw+yX05BiXOpmr/+
Score

10^/10

redline sport discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesportdiscoveryinfostealerspywarestealer

behavioral2

redlinesportdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy