redline | 0c766e02e91316b9af9a8b3d846304e37b53366922e4a02965ca20e0218a7e73 | Triage

Submit
Reports

Overview

overview

Static

static

3

3ef6e2d77b...a9.exe

windows7-x64

3ef6e2d77b...a9.exe

windows10-2004-x64

7

Sharing

General

Target

2d5abd21ea086208c95c0dc3c7febed5.bin
Size

249KB
Sample

230610-bmax1sef41
MD5

dde8d4f173595894f843b95045a806a0
SHA1

e591450ed318fff8ddfc39034685f4fe73fd0fb9
SHA256

0c766e02e91316b9af9a8b3d846304e37b53366922e4a02965ca20e0218a7e73
SHA512

a7f5d47fdc1f6d7132d3c6f33bc6100a60672950607ff5700d6bdf1059180a963bf2da59b4f5d375e97f5f7dc60373e9217efe09fb8b607eaebb1f5a39f6985f
SSDEEP

6144:HOrs3PQU7/Tq91EbojkcYJFvs0czpGJHLh2KS7hDM1VfqH7wMi:wSPX/2FTYJNAl4LhsuVXl

Score

10^/10

redline @germany discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3ef6e2d77b69452be6d8101b1bc029570af3af86495111bbca696c92345547a9.exe

Resource

win7-20230220-en

redline @germany discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

3ef6e2d77b69452be6d8101b1bc029570af3af86495111bbca696c92345547a9.exe

Resource

win10v2004-20230220-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

185.81.68.115:2920

Attributes

auth_value
9d15d78194367a949e54a07d6ce02c62

Targets

- Target
  
  3ef6e2d77b69452be6d8101b1bc029570af3af86495111bbca696c92345547a9.exe
- Size
  
  373KB
- MD5
  
  2d5abd21ea086208c95c0dc3c7febed5
- SHA1
  
  c7789859223961b77aa1992fac9ef7ee150b2b09
- SHA256
  
  3ef6e2d77b69452be6d8101b1bc029570af3af86495111bbca696c92345547a9
- SHA512
  
  df98cadec3cedb29f098de851e2e35441b4184e05203994a17cd199cb2d8ed44e42e2d4822fc96decf698be41e880ae2dc4757e59678eeb7804c44dedba1b06c
- SSDEEP
  
  6144:ex9PCdRmTO7s9RTU2u9lY/+/+hcXMH7UYmJtqz9+4:eDPCnJAxMck+mXyxmJwz
Score

10^/10

redline @germany discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@germanydiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy