redline | 0463d7c695a2f812992eacbd3e29843a0f4a49a0f664606cd9dc11bac67148e8 | Triage

Submit
Reports

Overview

overview

Static

static

1

4b920eec3f...b5.exe

windows7-x64

4b920eec3f...b5.exe

windows10-2004-x64

Sharing

General

Target

4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5.zip
Size

253KB
Sample

230308-ndrkmafc6w
MD5

e4b21da8de91d9c75cd405dd745b7d8e
SHA1

bcc503bc6014edda8f0ade5601aa291a3f027997
SHA256

0463d7c695a2f812992eacbd3e29843a0f4a49a0f664606cd9dc11bac67148e8
SHA512

aaf7a778c273150eee1fea74cd968b2d8c3d8d862142dae86e3c57fb863a1e8ebcd0d5ee55a06fea01aa4902d9d3a02466aef97da9146e130953d6e2a62a7f0f
SSDEEP

6144:I0h5J9cUQStwwECS+i0bSEtlVV+yDG5jwaTx9:PZtREf+POglfDiwaTx9

Score

10^/10

redline fud discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5.exe

Resource

win7-20230220-en

redline fud discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5.exe

Resource

win10v2004-20230220-en

redline fud discovery infostealer spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

auth_value
cddc991efd6918ad5321d80dac884b40

Targets

- Target
  
  4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5.exe
- Size
  
  361KB
- MD5
  
  a413967d29faa8bfe4a16a4559cb31c0
- SHA1
  
  73e5da45efb8fd5d49bafce6dee1dd821cdb8988
- SHA256
  
  4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5
- SHA512
  
  74ac0edf2c551b28dde2f97978cb8904040365939e4e6eb45da0408d5b3d333705d103954a71c44221867a9919d899448013316852e5b795e8b6f28a6e25850e
- SSDEEP
  
  6144:FLPm5PKqhKsktou8kTRjK12KUl9fNGEXjzgU0onQCf4eZ:FLmtJGXTaqlFNfvgUJ5/Z
Score

10^/10

redline fud discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefuddiscoveryinfostealerspywarestealer

behavioral2

redlinefuddiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy