redline | f3c925c1dbe719936cd19b81e1709159122ea1c81d97f7786f7f305985829b94 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

f3c925c1dbe719936cd19b81e1709159122ea1c81d97f7786f7f305985829b94
Size

278KB
Sample

230130-178r8ada69
MD5

30fce29f112f89c4f25b9803e76e580b
SHA1

c9df7638cf19f685cedc5055bd912040dab1063a
SHA256

f3c925c1dbe719936cd19b81e1709159122ea1c81d97f7786f7f305985829b94
SHA512

512c84df111eaf2d36a814b3b1eadb25fa4fa8141a43bc37456b76f8b70ea9f8a39c4d306e5118e58e2bfd1f76eabf9092777bcf6a05e003ee4f32ea534c4b61
SSDEEP

6144:W9L+BIEWad6o5VUFDlDc17Iw235HTgrODsucW1b8Bg:W9UIEW5CViA1y35zgrrW1b8B

Score

10^/10

redline fredy discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

f3c925c1dbe719936cd19b81e1709159122ea1c81d97f7786f7f305985829b94.exe

Resource

win7-20221111-en

redline fredy discovery infostealer spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

f3c925c1dbe719936cd19b81e1709159122ea1c81d97f7786f7f305985829b94.exe

Resource

win10-20220812-en

redline fredy discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

fredy

C2

62.204.41.170:4132

Attributes

auth_value
880249eef9593d49a1a3cddf57c5cb35

Targets

- Target
  
  f3c925c1dbe719936cd19b81e1709159122ea1c81d97f7786f7f305985829b94
- Size
  
  278KB
- MD5
  
  30fce29f112f89c4f25b9803e76e580b
- SHA1
  
  c9df7638cf19f685cedc5055bd912040dab1063a
- SHA256
  
  f3c925c1dbe719936cd19b81e1709159122ea1c81d97f7786f7f305985829b94
- SHA512
  
  512c84df111eaf2d36a814b3b1eadb25fa4fa8141a43bc37456b76f8b70ea9f8a39c4d306e5118e58e2bfd1f76eabf9092777bcf6a05e003ee4f32ea534c4b61
- SSDEEP
  
  6144:W9L+BIEWad6o5VUFDlDc17Iw235HTgrODsucW1b8Bg:W9UIEW5CViA1y35zgrrW1b8B
Score

10^/10

redline fredy discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefredydiscoveryinfostealerspywarestealer

behavioral2

redlinefredydiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy