redline | 068b0c7483230e8f8a600a72644bbb915bd70ad7b129e3998c69fd3c97ae1111 | Triage

Submit
Reports

Overview

overview

Static

static

3

b6916e92bc...da.exe

windows7-x64

b6916e92bc...da.exe

windows10-2004-x64

Sharing

General

Target

27121df06efbeded912d9bded3279f67.bin
Size

487KB
Sample

231019-bg639sec92
MD5

f10bff89fcbf9e1e18540bcaefd429e1
SHA1

457db3e388d6fb0d6008d8b85342a2b0f4de4d13
SHA256

068b0c7483230e8f8a600a72644bbb915bd70ad7b129e3998c69fd3c97ae1111
SHA512

32be1fe3c0d8246a1cb84886e3bda43a7dba07214b831e0e698744b8ee4e81db93805b1a664677bb0fcc4ac02170aa845a407674ebfc0a539f2c4cda7a17b526
SSDEEP

12288:wTWo+9fSspPegLdIXY3UNs31NYaae+k7wbsh+9zFWGksy9fCy:W+9lPLAY3UulN5aCZUkGks8P

Score

10^/10

redline 123 installs discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b6916e92bc3a01c59eb34f0ec8e53b20948cd4dc26e84d06ae35f3ee2fa7cdda.exe

Resource

win7-20230831-en

redline 123 installs discovery infostealer spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b6916e92bc3a01c59eb34f0ec8e53b20948cd4dc26e84d06ae35f3ee2fa7cdda.exe

Resource

win10v2004-20230915-en

redline 123 installs discovery infostealer spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

installs

C2

91.103.253.6:22884

Extracted

Family

redline

Botnet

123

C2

51.254.67.186:16176

Targets

- Target
  
  b6916e92bc3a01c59eb34f0ec8e53b20948cd4dc26e84d06ae35f3ee2fa7cdda.exe
- Size
  
  607KB
- MD5
  
  27121df06efbeded912d9bded3279f67
- SHA1
  
  bcf41ecaccd1a8540dfabe9d9442972dbfa5970b
- SHA256
  
  b6916e92bc3a01c59eb34f0ec8e53b20948cd4dc26e84d06ae35f3ee2fa7cdda
- SHA512
  
  b63f2f8a9bd83e379eaccdc3780977d98b876e540b5465852811d49429d7d46e04cd5eca3d56e94f752f945196709e82c1cba8f106a87c4f4d35a311e7788731
- SSDEEP
  
  12288:JcrNS33L10QdrXZT+tcWnvlOAYnPQY5WEtuWcy1MERYs:0NA3R5drX/WvwpnPQY0x9uME6s
Score

10^/10

redline 123 installs discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline123installsdiscoveryinfostealerspywarestealer

behavioral2

redline123installsdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy