redline | d357aa32f6e5c46ec75b865d6809fc932f741c9e2a24391bd183ba29ef2cf165 | Triage

Submit
Reports

Overview

overview

Static

static

1

comp.exe

windows7-x64

comp.exe

windows10-2004-x64

7

Sharing

General

Target

comp
Size

59KB
Sample

230308-ljtk3aef6v
MD5

ca51df0fb6d4e43f6d0247359811c0bb
SHA1

77654975f69fdae6865fbcf86c053e0f47e82ff6
SHA256

d357aa32f6e5c46ec75b865d6809fc932f741c9e2a24391bd183ba29ef2cf165
SHA512

69f59146413291729ffa16522313d1d1f678ca4373343f9787bfd18107c42f7750f37defe7bdd7d87d2bb6f46193a7399326677d212527366b37a6de46fe3d5e
SSDEEP

1536:PP19cMtBi1qJ5d24Uu5cDg1OT5oTd5G3bv:bzSqjd2fu5/kFop5G3bv

Score

10^/10

redline error discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

comp.exe

Resource

win7-20230220-en

redline error discovery infostealer spyware stealer

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

comp.exe

Resource

win10v2004-20230220-en

discovery spyware stealer

windows10-2004-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

Error

C2

104.161.22.147:39801

Attributes

auth_value
52717c09b6af10a8a93102c172d6a856

Targets

- Target
  
  comp
- Size
  
  59KB
- MD5
  
  ca51df0fb6d4e43f6d0247359811c0bb
- SHA1
  
  77654975f69fdae6865fbcf86c053e0f47e82ff6
- SHA256
  
  d357aa32f6e5c46ec75b865d6809fc932f741c9e2a24391bd183ba29ef2cf165
- SHA512
  
  69f59146413291729ffa16522313d1d1f678ca4373343f9787bfd18107c42f7750f37defe7bdd7d87d2bb6f46193a7399326677d212527366b37a6de46fe3d5e
- SSDEEP
  
  1536:PP19cMtBi1qJ5d24Uu5cDg1OT5oTd5G3bv:bzSqjd2fu5/kFop5G3bv
Score

10^/10

redline error discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineerrordiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy