redline | 718034f9b541fdf7866851cd4ced6b406e07952944717e4291b38e75ac763e12 | Triage

Submit
Reports

Overview

overview

Static

static

3

NA_718034f...JC.exe

windows7-x64

NA_718034f...JC.exe

windows10-2004-x64

7

Sharing

General

Target

NA_718034f9b541fdf7866851cd4_JC.exe
Size

362KB
Sample

230726-rbm17scd86
MD5

fdf6b17c3ae46d5761d3e6e417fb9b1f
SHA1

d6ad48bcc77f753c7ba6047dcde6a178db3c2eea
SHA256

718034f9b541fdf7866851cd4ced6b406e07952944717e4291b38e75ac763e12
SHA512

9bc310f952cdc24237b5535eb9180aee0fec47ffe9a4eee3e8a08a5294d01f95e8991a7de1049e61d645e92de1c9b7fb58f5f43bcff391e57e8768a7c4d4c506
SSDEEP

6144:XZhZgGTk/oPXfPKaEyfc4gYVxv/K6xCOT5UzkqW7tJcnAvI:phW8kgPPPK2fjFRUQ5YuJg

Score

10^/10

redline @germany discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NA_718034f9b541fdf7866851cd4_JC.exe

Resource

win7-20230712-en

redline @germany discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NA_718034f9b541fdf7866851cd4_JC.exe

Resource

win10v2004-20230703-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes

auth_value
9d15d78194367a949e54a07d6ce02c62

Targets

- Target
  
  NA_718034f9b541fdf7866851cd4_JC.exe
- Size
  
  362KB
- MD5
  
  fdf6b17c3ae46d5761d3e6e417fb9b1f
- SHA1
  
  d6ad48bcc77f753c7ba6047dcde6a178db3c2eea
- SHA256
  
  718034f9b541fdf7866851cd4ced6b406e07952944717e4291b38e75ac763e12
- SHA512
  
  9bc310f952cdc24237b5535eb9180aee0fec47ffe9a4eee3e8a08a5294d01f95e8991a7de1049e61d645e92de1c9b7fb58f5f43bcff391e57e8768a7c4d4c506
- SSDEEP
  
  6144:XZhZgGTk/oPXfPKaEyfc4gYVxv/K6xCOT5UzkqW7tJcnAvI:phW8kgPPPK2fjFRUQ5YuJg
Score

10^/10

redline @germany discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline@germanydiscoveryinfostealerspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy