redline | 6ce0e405b0bd60d6dac392dc909ed665bb9b70b2c401e2c61b1ecd78b8036f2f | Triage

Submit
Reports

Overview

overview

Static

static

3

1.exe

windows7-x64

1.exe

windows10-2004-x64

7

Sharing

General

Target

1.exe
Size

376KB
Sample

230629-r5bv2aee8s
MD5

6d526405031d438f3c3f7e4fb2a8ed90
SHA1

575d5a012529129f553af802cbace89b0eb4169a
SHA256

6ce0e405b0bd60d6dac392dc909ed665bb9b70b2c401e2c61b1ecd78b8036f2f
SHA512

e00292e6b1b30da525b707d3843421b3cf3b874ca5492a4d4ea674c68ca5124921e14b1952b021a1910890928f78a72246561e2adeba6f775fa9231bfdf6d6f4
SSDEEP

6144:loJW7QzqMUONB62KDwy3O1GOInxoY5kdF:locQzyURywpIlm

Score

10^/10

redline @chicago discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1.exe

Resource

win7-20230621-en

redline @chicago discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1.exe

Resource

win10v2004-20230621-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Chicago

C2

185.81.68.115:2920

Attributes

auth_value
624a75e46c4217bc2cafb7758d1978d9

Targets

- Target
  
  1.exe
- Size
  
  376KB
- MD5
  
  6d526405031d438f3c3f7e4fb2a8ed90
- SHA1
  
  575d5a012529129f553af802cbace89b0eb4169a
- SHA256
  
  6ce0e405b0bd60d6dac392dc909ed665bb9b70b2c401e2c61b1ecd78b8036f2f
- SHA512
  
  e00292e6b1b30da525b707d3843421b3cf3b874ca5492a4d4ea674c68ca5124921e14b1952b021a1910890928f78a72246561e2adeba6f775fa9231bfdf6d6f4
- SSDEEP
  
  6144:loJW7QzqMUONB62KDwy3O1GOInxoY5kdF:locQzyURywpIlm
Score

10^/10

redline @chicago discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline@chicagodiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy