redline | 121e4e191ce00a7e9c0adecfd344c71117318aac7d2f6ca9b4f9a8cb3f7d5149 | Triage

Submit
Reports

Overview

overview

Static

static

0x000a0000...10.exe

windows7-x64

0x000a0000...10.exe

windows10-2004-x64

Sharing

General

Target

0x000a00000001af29-1110.dat
Size

175KB
Sample

230328-jzfb9shg47
MD5

6efa25c26be8b5c15a761d31ae6a2d44
SHA1

be3e836eb74fae552794b84e230bc7f944deb86b
SHA256

121e4e191ce00a7e9c0adecfd344c71117318aac7d2f6ca9b4f9a8cb3f7d5149
SHA512

14c49bfb32116a87383f19b09937e6c9a26fec71a1971a7c66fe7e01d39d1d2a5acf50d8e36f87b554a6f75c4afbd4d35895f77758e6a91b922c465a472e8223
SSDEEP

3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

Score

10^/10

redline from discovery infostealer persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0x000a00000001af29-1110.exe

Resource

win7-20230220-en

redline from discovery infostealer spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000a00000001af29-1110.exe

Resource

win10v2004-20230220-en

redline from discovery infostealer persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes

auth_value
8633e283485822a4a48f0a41d5397566

Targets

- Target
  
  0x000a00000001af29-1110.dat
- Size
  
  175KB
- MD5
  
  6efa25c26be8b5c15a761d31ae6a2d44
- SHA1
  
  be3e836eb74fae552794b84e230bc7f944deb86b
- SHA256
  
  121e4e191ce00a7e9c0adecfd344c71117318aac7d2f6ca9b4f9a8cb3f7d5149
- SHA512
  
  14c49bfb32116a87383f19b09937e6c9a26fec71a1971a7c66fe7e01d39d1d2a5acf50d8e36f87b554a6f75c4afbd4d35895f77758e6a91b922c465a472e8223
- SSDEEP
  
  3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
Score

10^/10

redline from discovery infostealer spyware stealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefromdiscoveryinfostealerspywarestealer

behavioral2

redlinefromdiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy