redline | d9e1e3ea47dcbcae6a950e66187a1f8e84b81c2cd1b8b046d0c4d0198ba5e8f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

931550f644...29.exe

windows7-x64

931550f644...29.exe

windows10-2004-x64

Sharing

General

Target

6ac746b33d45f3a5389023fa3aa38a40.bin
Size

269KB
Sample

230328-b3nttagc84
MD5

45d62f7da9ffc8ed8e7444aa14f0fb50
SHA1

77ed15cfcf34efa1f785f75904de2b9b805fd1b6
SHA256

d9e1e3ea47dcbcae6a950e66187a1f8e84b81c2cd1b8b046d0c4d0198ba5e8f9
SHA512

e2a31d3fdf0c7a55a2a452a00877a2f8cf4aaeb39348f41e1f28ed9a556a650da696ad8c46bbbace3184fd0e27fc4bbbfc3e73d96d87dc6e5ba9968aa0dd9867
SSDEEP

6144:uQi6J6D41xE1ypSyVJX6dobcW25mIJyFQy1ugy3Ba5oH4:g6J7hpPVJX6Kp25mIJyFz143BaT

Score

10^/10

redline @chicago discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

931550f6442765e288034980250788695e5e57bc2ec44b1a09fd6115fb5a1e29.exe

Resource

win7-20230220-en

redline @chicago discovery infostealer spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

931550f6442765e288034980250788695e5e57bc2ec44b1a09fd6115fb5a1e29.exe

Resource

win10v2004-20230220-en

redline @chicago discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@chicago

C2

185.11.61.125:22344

Attributes

auth_value
21f863e0cbd09d0681058e068d0d1d7f

Targets

- Target
  
  931550f6442765e288034980250788695e5e57bc2ec44b1a09fd6115fb5a1e29.exe
- Size
  
  380KB
- MD5
  
  6ac746b33d45f3a5389023fa3aa38a40
- SHA1
  
  ed149f7728ffb1cfaa6b9884522647dad1dd261b
- SHA256
  
  931550f6442765e288034980250788695e5e57bc2ec44b1a09fd6115fb5a1e29
- SHA512
  
  dff49074f5b26182060eaecf257189a2c4cfca37295f4150fde8a3465ebcb58283cb1f768a0f6793668deaa1e9bd66bfeaf9a926ae85771f10739fbe850d0093
- SSDEEP
  
  6144:qRnxyU+DIM5nSAy6YbWYYo4zsxDOdu6Q0KgT8S/ANN4T:qRnxt+Ddt49tvOrlT2N
Score

10^/10

redline @chicago discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@chicagodiscoveryinfostealerspywarestealer

behavioral2

redline@chicagodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy