redline | d906b309b6a00cac4602b12f32c1d2ac4e8a34ccd3cf47be3023cd7fa649a05d | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

d906b309b6a00cac4602b12f32c1d2ac4e8a34ccd3cf47be3023cd7fa649a05d
Size

397KB
Sample

230130-ed7geagb49
MD5

8bdec3dd988d576b855a9323776d450f
SHA1

76a70069447d5e25c5b0f379e1f8de759ca743cb
SHA256

d906b309b6a00cac4602b12f32c1d2ac4e8a34ccd3cf47be3023cd7fa649a05d
SHA512

39f827628690c450d5f33794c2aa24bb5810836078d2afb9c3f6a82174bdb01ba6c927c0c5c9e87505d6143e8d1abd9ec49d824066cb8ead3aa91f932ff5c725
SSDEEP

6144:MULHHyh59bCTYCjZe9JlOevq1QV7mRnFGxb+7eEWajl45mc:T7He59bUFWSeveQiFGAVy

Score

10^/10

redline fredy discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d906b309b6a00cac4602b12f32c1d2ac4e8a34ccd3cf47be3023cd7fa649a05d.exe

Resource

win7-20220812-en

redline fredy discovery infostealer spyware stealer

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

d906b309b6a00cac4602b12f32c1d2ac4e8a34ccd3cf47be3023cd7fa649a05d.exe

Resource

win10-20220812-en

redline fredy discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

fredy

C2

62.204.41.170:4132

Attributes

auth_value
880249eef9593d49a1a3cddf57c5cb35

Targets

- Target
  
  d906b309b6a00cac4602b12f32c1d2ac4e8a34ccd3cf47be3023cd7fa649a05d
- Size
  
  397KB
- MD5
  
  8bdec3dd988d576b855a9323776d450f
- SHA1
  
  76a70069447d5e25c5b0f379e1f8de759ca743cb
- SHA256
  
  d906b309b6a00cac4602b12f32c1d2ac4e8a34ccd3cf47be3023cd7fa649a05d
- SHA512
  
  39f827628690c450d5f33794c2aa24bb5810836078d2afb9c3f6a82174bdb01ba6c927c0c5c9e87505d6143e8d1abd9ec49d824066cb8ead3aa91f932ff5c725
- SSDEEP
  
  6144:MULHHyh59bCTYCjZe9JlOevq1QV7mRnFGxb+7eEWajl45mc:T7He59bUFWSeveQiFGAVy
Score

10^/10

redline fredy discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefredydiscoveryinfostealerspywarestealer

behavioral2

redlinefredydiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy