redline | dd58888fdff857aaada05a63639dd62eb18db59ff49d719b9d08c92399224480 | Triage

Submit
Reports

Overview

overview

Static

static

3

dd58888fdf...80.exe

windows7-x64

dd58888fdf...80.exe

windows10-2004-x64

Sharing

General

Target

dd58888fdff857aaada05a63639dd62eb18db59ff49d719b9d08c92399224480
Size

451KB
Sample

231228-zv6awsaad5
MD5

55bc839b3cfeccbef02b0895d33bfda1
SHA1

2aaed760d01c2574c4ffc6e6aa26048669a23211
SHA256

dd58888fdff857aaada05a63639dd62eb18db59ff49d719b9d08c92399224480
SHA512

dddc3954b64c30f3508725b7a86fb22d221a5c9d1587d6c7b22d88f1fd2a8fce8ed79b9418da7d2941b210bf211182e9e9b1c062c566537522ee6a7ff52b63a8
SSDEEP

6144:qiZtz1epr90wnWQgI7qEP4smV+/Eb1yHEwH/fwEBF2YEZrxp6ZTNSNBZN:VZtBO+lI7q5V2EAHLcrxU1A

Score

10^/10

redline @cham1ng discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dd58888fdff857aaada05a63639dd62eb18db59ff49d719b9d08c92399224480.exe

Resource

win7-20231215-en

redline @cham1ng discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

dd58888fdff857aaada05a63639dd62eb18db59ff49d719b9d08c92399224480.exe

Resource

win10v2004-20231215-en

redline @cham1ng discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@cham1ng

C2

45.15.156.167:80

Targets

- Target
  
  dd58888fdff857aaada05a63639dd62eb18db59ff49d719b9d08c92399224480
- Size
  
  451KB
- MD5
  
  55bc839b3cfeccbef02b0895d33bfda1
- SHA1
  
  2aaed760d01c2574c4ffc6e6aa26048669a23211
- SHA256
  
  dd58888fdff857aaada05a63639dd62eb18db59ff49d719b9d08c92399224480
- SHA512
  
  dddc3954b64c30f3508725b7a86fb22d221a5c9d1587d6c7b22d88f1fd2a8fce8ed79b9418da7d2941b210bf211182e9e9b1c062c566537522ee6a7ff52b63a8
- SSDEEP
  
  6144:qiZtz1epr90wnWQgI7qEP4smV+/Eb1yHEwH/fwEBF2YEZrxp6ZTNSNBZN:VZtBO+lI7q5V2EAHLcrxU1A
Score

10^/10

redline @cham1ng discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline@cham1ngdiscoveryinfostealerspywarestealer

behavioral2

redline@cham1ngdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy