redline | f37cdda29b2284eefe2b8f18d501315623d16598037facde6b46e65d12e02c23 | Triage

Submit
Reports

Overview

overview

Static

static

1

qu0544.exe

windows7-x64

qu0544.exe

windows10-2004-x64

Sharing

General

Target

qu0544.exe
Size

386KB
Sample

230327-bpjmyach4z
MD5

d5b133cc6cf87712531a8bcbddbc2623
SHA1

62c442d4ff62589a02ffd610ba9b48f93932b467
SHA256

f37cdda29b2284eefe2b8f18d501315623d16598037facde6b46e65d12e02c23
SHA512

040b7ce08685f509d988b067a7669ddb5933e493580157bf4f9ecdbb82a103ecd0e988710c3757f2b4805f33948b52fccf135f414c82a2faa77975fa4e95ccc4
SSDEEP

12288:RBGU4+32Li0B0c43xCnMTKbwxo0lf+IXO:R337s4hmM+8xH

Score

10^/10

redline boris discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

qu0544.exe

Resource

win7-20230220-en

redline boris discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

qu0544.exe

Resource

win10v2004-20230220-en

redline boris discovery infostealer spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

auth_value
766b5bdf6dbefcf7ca223351952fc38f

Targets

- Target
  
  qu0544.exe
- Size
  
  386KB
- MD5
  
  d5b133cc6cf87712531a8bcbddbc2623
- SHA1
  
  62c442d4ff62589a02ffd610ba9b48f93932b467
- SHA256
  
  f37cdda29b2284eefe2b8f18d501315623d16598037facde6b46e65d12e02c23
- SHA512
  
  040b7ce08685f509d988b067a7669ddb5933e493580157bf4f9ecdbb82a103ecd0e988710c3757f2b4805f33948b52fccf135f414c82a2faa77975fa4e95ccc4
- SSDEEP
  
  12288:RBGU4+32Li0B0c43xCnMTKbwxo0lf+IXO:R337s4hmM+8xH
Score

10^/10

redline boris discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineborisdiscoveryinfostealerspywarestealer

behavioral2

redlineborisdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy