redline | 471a67584d6dfca1e9fa398a1816aba11449409eed57bb6acdebed84978b58f0 | Triage

Submit
Reports

Overview

overview

Static

static

1048-56-0x...ry.exe

windows7-x64

1048-56-0x...ry.exe

windows10-2004-x64

Sharing

General

Target

1048-56-0x0000000004BC0000-0x0000000004BE8000-memory.dmp
Size

160KB
Sample

230606-qnnyladg95
MD5

f08a0a690129b8cf41baf9539ccd7c0b
SHA1

15d2ea2261ccba448ab77174312d763df1a2d94a
SHA256

471a67584d6dfca1e9fa398a1816aba11449409eed57bb6acdebed84978b58f0
SHA512

909533b70f94355e742176dcff3b8bd80fad3f56c4594d41f62746b3b4195b244a84893d2f29ac8523c91667760c6eaea941e37f7355da478c46c521fea2453f
SSDEEP

1536:2KqOtN6ba7o5LhpDyBvLs+L5+bYvHvNw69ksYgibfbFDKsR+:2eQHqjxLYUDnYgafJl+

Score

10^/10

redline @chicago discovery infostealer spyware stealer

Static task

static1

@chicago redline

3 signatures

Behavioral task

behavioral1

Sample

1048-56-0x0000000004BC0000-0x0000000004BE8000-memory.exe

Resource

win7-20230220-en

redline @chicago discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1048-56-0x0000000004BC0000-0x0000000004BE8000-memory.exe

Resource

win10v2004-20230220-en

redline @chicago discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Chicago

C2

185.81.68.115:2920

Attributes

auth_value
624a75e46c4217bc2cafb7758d1978d9

Targets

- Target
  
  1048-56-0x0000000004BC0000-0x0000000004BE8000-memory.dmp
- Size
  
  160KB
- MD5
  
  f08a0a690129b8cf41baf9539ccd7c0b
- SHA1
  
  15d2ea2261ccba448ab77174312d763df1a2d94a
- SHA256
  
  471a67584d6dfca1e9fa398a1816aba11449409eed57bb6acdebed84978b58f0
- SHA512
  
  909533b70f94355e742176dcff3b8bd80fad3f56c4594d41f62746b3b4195b244a84893d2f29ac8523c91667760c6eaea941e37f7355da478c46c521fea2453f
- SSDEEP
  
  1536:2KqOtN6ba7o5LhpDyBvLs+L5+bYvHvNw69ksYgibfbFDKsR+:2eQHqjxLYUDnYgafJl+
Score

10^/10

redline @chicago discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

@chicagoredline

behavioral1

redline@chicagodiscoveryinfostealerspywarestealer

behavioral2

redline@chicagodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy