redline | c7563d952a00dd35e91dc7a259efcd6d7dd4079624ce38300c714a3f91de8f3e | Triage

Sharing

General

Target

file.exe
Size

702KB
Sample

230104-bz9bcagg7t
MD5

888476e6905117c8c6bf2809f17e46d4
SHA1

d8943d00661b5d65f0896d37ed7ce12a6109b392
SHA256

c7563d952a00dd35e91dc7a259efcd6d7dd4079624ce38300c714a3f91de8f3e
SHA512

8fa132c0cf3731f0047c018d29d8614970fad4d33384e65dc485d4f235e418ee57eee3de90ce5a18dd25b661ee1d4349932ba8d9cdcbe8bc9c3b157c9c39cd03
SSDEEP

12288:r7eDTOhSwsN/nkEONJFxYu39feTUdjgMjZpiwBab2fObS5bDm:ryDCyQzxY+IoNgMjZ8wBNGS5m

Score

10^/10

redline hexo-software discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

HEXO-SOFTWARE

C2

amrican-sport-live-stream.cc:4581

Attributes

auth_value
fea440ffae02b6f56d7b00fe8105ccb8

Targets

- Target
  
  file.exe
- Size
  
  702KB
- MD5
  
  888476e6905117c8c6bf2809f17e46d4
- SHA1
  
  d8943d00661b5d65f0896d37ed7ce12a6109b392
- SHA256
  
  c7563d952a00dd35e91dc7a259efcd6d7dd4079624ce38300c714a3f91de8f3e
- SHA512
  
  8fa132c0cf3731f0047c018d29d8614970fad4d33384e65dc485d4f235e418ee57eee3de90ce5a18dd25b661ee1d4349932ba8d9cdcbe8bc9c3b157c9c39cd03
- SSDEEP
  
  12288:r7eDTOhSwsN/nkEONJFxYu39feTUdjgMjZpiwBab2fObS5bDm:ryDCyQzxY+IoNgMjZ8wBNGS5m
Score

10^/10

redline hexo-software discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinehexo-softwarediscoveryinfostealerspywarestealer

behavioral2

redlinehexo-softwarediscoveryinfostealerspywarestealer