redline | 79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac
Size

332KB
Sample

230105-17d8lshb2v
MD5

767cf221dc37c88c729ce8bcae9e4fc6
SHA1

5b23c9225b189fcd74f7deb5b10cd5dccb4577f2
SHA256

79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac
SHA512

d28d674acddeec960131e6daca3758d3194f87c87a75567fce1c239c35f2e2967c1f8231df56f5d64c879d39d0e7fae9e96e23c293f94bb85c8c9122af5fa39b
SSDEEP

6144:N66Lp2T3/qPECaIjc1Rja1CVNxMv8GbPdHZhjEHUIeg:s6V2T3/qPEjIjqRO1Kav8GbFHZ5EHU

Score

10^/10

redline sport discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac.exe

Resource

win7-20221111-en

redline sport discovery infostealer spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac.exe

Resource

win10-20220812-en

redline sport discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

sport

C2

31.41.244.98:4063

Attributes

auth_value
82cce55eeb56b322651e98032c09d225

Targets

- Target
  
  79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac
- Size
  
  332KB
- MD5
  
  767cf221dc37c88c729ce8bcae9e4fc6
- SHA1
  
  5b23c9225b189fcd74f7deb5b10cd5dccb4577f2
- SHA256
  
  79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac
- SHA512
  
  d28d674acddeec960131e6daca3758d3194f87c87a75567fce1c239c35f2e2967c1f8231df56f5d64c879d39d0e7fae9e96e23c293f94bb85c8c9122af5fa39b
- SSDEEP
  
  6144:N66Lp2T3/qPECaIjc1Rja1CVNxMv8GbPdHZhjEHUIeg:s6V2T3/qPEjIjqRO1Kav8GbFHZ5EHU
Score

10^/10

redline sport discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesportdiscoveryinfostealerspywarestealer

behavioral2

redlinesportdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy