redline | 0b7804cb7e24879a4fe9268bc4c427f5200b99b89c4fab051c6e7500bdeb812c | Triage

Submit
Reports

Overview

overview

Static

static

0e2f23e9e9...35.exe

windows7-x64

0e2f23e9e9...35.exe

windows10-2004-x64

7

Sharing

General

Target

0e2f23e9e9711230ef7d10373a10c635.exe
Size

335KB
Sample

230202-htsvqsfd66
MD5

0e2f23e9e9711230ef7d10373a10c635
SHA1

9f1f3d5e9cbdb8003f241dd30c27e28fc84df8a4
SHA256

0b7804cb7e24879a4fe9268bc4c427f5200b99b89c4fab051c6e7500bdeb812c
SHA512

c56bbb2cbc4831a7d90cca742afb60e756d52503dd2000da339e3bc25f87967d1ba35a71b8554921d8483329d6342fca9718c4ceb4c87f9b21fe0c1832b6881b
SSDEEP

6144:13bFCLaAvsdg/MjX6O8APax4kHByIysADFRxLe9sczWGUq:13bA+AvsaMj7aqpRD7xC9TC

Score

10^/10

redline milaf discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0e2f23e9e9711230ef7d10373a10c635.exe

Resource

win7-20221111-en

redline milaf discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e2f23e9e9711230ef7d10373a10c635.exe

Resource

win10v2004-20221111-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

milaf

C2

193.233.20.5:4136

Attributes

auth_value
68aaee25afe3d0ae7d4db09dea02347c

Targets

- Target
  
  0e2f23e9e9711230ef7d10373a10c635.exe
- Size
  
  335KB
- MD5
  
  0e2f23e9e9711230ef7d10373a10c635
- SHA1
  
  9f1f3d5e9cbdb8003f241dd30c27e28fc84df8a4
- SHA256
  
  0b7804cb7e24879a4fe9268bc4c427f5200b99b89c4fab051c6e7500bdeb812c
- SHA512
  
  c56bbb2cbc4831a7d90cca742afb60e756d52503dd2000da339e3bc25f87967d1ba35a71b8554921d8483329d6342fca9718c4ceb4c87f9b21fe0c1832b6881b
- SSDEEP
  
  6144:13bFCLaAvsdg/MjX6O8APax4kHByIysADFRxLe9sczWGUq:13bA+AvsaMj7aqpRD7xC9TC
Score

10^/10

redline milaf discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinemilafdiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy