redline | 07728dd544ec371bf65209cce3957cb3f0e8471d4208ea48d8c49646e339618f | Triage

Submit
Reports

Overview

overview

Static

static

1

07728dd544...8f.exe

windows7-x64

07728dd544...8f.exe

windows10-2004-x64

Sharing

General

Target

07728dd544ec371bf65209cce3957cb3f0e8471d4208ea48d8c49646e339618f.exe
Size

283KB
Sample

230405-m45z9sfd9w
MD5

bd1a8fb9af693f4dd1f3e0ec2e186f02
SHA1

c76c3f8aa1b8d21d38fea006fc46f4875f882815
SHA256

07728dd544ec371bf65209cce3957cb3f0e8471d4208ea48d8c49646e339618f
SHA512

4b2228f990510a8baf02519ddc84fb282e53f88b8fddcbba7c33e1e7ca9269cfcf6fd7ef5abb4e259f3b288518229400cf617cc4c6438626c5f6c307bef28a59
SSDEEP

3072:d7bC+rGK/5iPU3VTjrSoTb3WJBirraNyVPlEDWfPZGXoE0rGxamaptb4lfzz2FOo:52LKUPS7GJBbugWJGXP0rF3b4lrzR5

Score

10^/10

redline @chicago discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

07728dd544ec371bf65209cce3957cb3f0e8471d4208ea48d8c49646e339618f.exe

Resource

win7-20230220-en

redline @chicago discovery infostealer spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

07728dd544ec371bf65209cce3957cb3f0e8471d4208ea48d8c49646e339618f.exe

Resource

win10v2004-20230220-en

redline @chicago discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@chicago

C2

185.11.61.125:22344

Attributes

auth_value
21f863e0cbd09d0681058e068d0d1d7f

Targets

- Target
  
  07728dd544ec371bf65209cce3957cb3f0e8471d4208ea48d8c49646e339618f.exe
- Size
  
  283KB
- MD5
  
  bd1a8fb9af693f4dd1f3e0ec2e186f02
- SHA1
  
  c76c3f8aa1b8d21d38fea006fc46f4875f882815
- SHA256
  
  07728dd544ec371bf65209cce3957cb3f0e8471d4208ea48d8c49646e339618f
- SHA512
  
  4b2228f990510a8baf02519ddc84fb282e53f88b8fddcbba7c33e1e7ca9269cfcf6fd7ef5abb4e259f3b288518229400cf617cc4c6438626c5f6c307bef28a59
- SSDEEP
  
  3072:d7bC+rGK/5iPU3VTjrSoTb3WJBirraNyVPlEDWfPZGXoE0rGxamaptb4lfzz2FOo:52LKUPS7GJBbugWJGXP0rF3b4lrzR5
Score

10^/10

redline @chicago discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@chicagodiscoveryinfostealerspywarestealer

behavioral2

redline@chicagodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy