redline | aa7adbda2c4f34dc0f70c0d11221b85bbf0d1f9044f6ee0cc7334cce231196a4 | Triage

Submit
Reports

Overview

overview

Static

static

1ca8f444f9...e9.exe

windows7-x64

1ca8f444f9...e9.exe

windows10-2004-x64

Sharing

General

Target

2c470494b6dc68b2346e42542d80a0fd.bin
Size

113KB
Sample

240110-bma8saccd3
MD5

88c429a6ee13874e122500e427bb790a
SHA1

71a7dcdfd8b8132f7e3c6f760003871c4ee4da6d
SHA256

aa7adbda2c4f34dc0f70c0d11221b85bbf0d1f9044f6ee0cc7334cce231196a4
SHA512

d1d608a5cdb16849d37a7d18747cbcb9d38b5d169b496dcd1957fb6508a24f7535a6934e1b273887555126d81169d4f4105a75e035b2168546a56c7d99a6b0fe
SSDEEP

3072:PrVjQaCIc+lcYGl1Vje7//eO8eoE+9/97tKDCKAZbxZqyNwi:JjuINlB+8njtt+9vwj+xZki

Score

10^/10

redline 2024 discovery infostealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9.exe

Resource

win7-20231129-en

redline 2024 discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9.exe

Resource

win10v2004-20231215-en

redline 2024 discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

2024

C2

195.20.16.103:20440

Targets

- Target
  
  1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9.exe
- Size
  
  300KB
- MD5
  
  2c470494b6dc68b2346e42542d80a0fd
- SHA1
  
  87ce1483571bf04d67be4c8cb12fb7dfef4ba299
- SHA256
  
  1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9
- SHA512
  
  c07332228810928b01aba94119e0f93339c08e55ad656d2eaff5c7647e42bbf5ab529232163fb1bbd14af3331a49d0fb537cfb5eb83565f674155e53d4ae41b5
- SSDEEP
  
  3072:s29LP/YAQlW30GLsmAwNr12pGuhTMo1syKXFWnO3TRGfx01h7AykPMRqT6Dv/Yi5:x2dmA42gST981BcxKBA9PMRqT6D4wL
Score

10^/10

redline 2024 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline2024discoveryinfostealerspywarestealer

behavioral2

redline2024discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy