redline | 8fb600b8f74db4b37a558ede015e4b8fd93ac52ea5439f48d74cfab53e32490a | Triage

Submit
Reports

Overview

overview

Static

static

c9a04f74a6...7a.exe

windows7-x64

c9a04f74a6...7a.exe

windows10-2004-x64

7

Sharing

General

Target

c9a04f74a6fccdd73cdaef10f65c357a.exe
Size

335KB
Sample

230202-hmg5nafd39
MD5

c9a04f74a6fccdd73cdaef10f65c357a
SHA1

bfb30e0ed7a5abbed0ff6842bb84a23e61d8d747
SHA256

8fb600b8f74db4b37a558ede015e4b8fd93ac52ea5439f48d74cfab53e32490a
SHA512

89e920a26cae1e50c971dc0a66509584b8a59707e89e5c951a779b89fc0d3b187c5a9a4381c66d584cc9d24e0b538e5113952bb46a65f3a68c833bd9601d0c83
SSDEEP

6144:aTm3lYLu+bhxGHkv4usj/ZlntgYlrV+n+BCIWCF2R:aTqO6+bhQHkYhlntgYlh++nRF2

Score

10^/10

redline milaf discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c9a04f74a6fccdd73cdaef10f65c357a.exe

Resource

win7-20221111-en

redline milaf discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9a04f74a6fccdd73cdaef10f65c357a.exe

Resource

win10v2004-20220901-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

milaf

C2

193.233.20.5:4136

Attributes

auth_value
68aaee25afe3d0ae7d4db09dea02347c

Targets

- Target
  
  c9a04f74a6fccdd73cdaef10f65c357a.exe
- Size
  
  335KB
- MD5
  
  c9a04f74a6fccdd73cdaef10f65c357a
- SHA1
  
  bfb30e0ed7a5abbed0ff6842bb84a23e61d8d747
- SHA256
  
  8fb600b8f74db4b37a558ede015e4b8fd93ac52ea5439f48d74cfab53e32490a
- SHA512
  
  89e920a26cae1e50c971dc0a66509584b8a59707e89e5c951a779b89fc0d3b187c5a9a4381c66d584cc9d24e0b538e5113952bb46a65f3a68c833bd9601d0c83
- SSDEEP
  
  6144:aTm3lYLu+bhxGHkv4usj/ZlntgYlrV+n+BCIWCF2R:aTqO6+bhQHkYhlntgYlh++nRF2
Score

10^/10

redline milaf discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinemilafdiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy