redline | b20a55927f7fa65653a758c3962622ffdb428ef6fe03f80493b4798fa12ba1db | Triage

Submit
Reports

Overview

overview

Static

static

7

71feef2d7c...9d.exe

windows7-x64

71feef2d7c...9d.exe

windows10-2004-x64

Sharing

General

Target

71feef2d7c3a5b64d022f29b9e76799d.exe
Size

1.8MB
Sample

230616-n6v4hsef2t
MD5

71feef2d7c3a5b64d022f29b9e76799d
SHA1

4e166f8b0f35d3e654ab6a16793f17fc8f648b7c
SHA256

b20a55927f7fa65653a758c3962622ffdb428ef6fe03f80493b4798fa12ba1db
SHA512

61562206896ce0824f8f70af2e2e9a4ef98d3053a11d2e74f21cf5b780e99bd025a9dd3cc87fb1e779dd09402892a264fefa69496e1c6447da938d9fcaf0395e
SSDEEP

49152:4HWOaUxJgoj1THQbUf3rVrCOFA70asTrm:8CYJgClHWUf3rFC30at

Score

10^/10

redline lyla1606 top infostealer spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

71feef2d7c3a5b64d022f29b9e76799d.exe

Resource

win7-20230220-en

redline lyla1606 top infostealer spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

71feef2d7c3a5b64d022f29b9e76799d.exe

Resource

win10v2004-20230220-en

redline lyla1606 top infostealer spyware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

top

C2

83.97.73.124:53

Attributes

auth_value
053e5ccc53982413753b68419138b23a

Extracted

Family

redline

Botnet

Lyla1606

C2

94.130.176.65:13400

Attributes

auth_value
f39fff6907be2a845f1dd21f03a9f743

Targets

- Target
  
  71feef2d7c3a5b64d022f29b9e76799d.exe
- Size
  
  1.8MB
- MD5
  
  71feef2d7c3a5b64d022f29b9e76799d
- SHA1
  
  4e166f8b0f35d3e654ab6a16793f17fc8f648b7c
- SHA256
  
  b20a55927f7fa65653a758c3962622ffdb428ef6fe03f80493b4798fa12ba1db
- SHA512
  
  61562206896ce0824f8f70af2e2e9a4ef98d3053a11d2e74f21cf5b780e99bd025a9dd3cc87fb1e779dd09402892a264fefa69496e1c6447da938d9fcaf0395e
- SSDEEP
  
  49152:4HWOaUxJgoj1THQbUf3rVrCOFA70asTrm:8CYJgClHWUf3rFC30at
Score

10^/10

redline lyla1606 top infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinelyla1606topinfostealerspyware

behavioral2

redlinelyla1606topinfostealerspyware

© 2018-2024

Terms | Privacy