redline | 9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

SecuriteIn...72.exe

windows7-x64

SecuriteIn...72.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.19272.7299
Size

329KB
Sample

240120-1gdjdshadn
MD5

927fa2810d057f5b7740f9fd3d0af3c9
SHA1

b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8
SHA256

9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9
SHA512

54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8
SSDEEP

6144:Y2A0vtQBor7oi2eemoLa9VBdH/Mz1KKd619AqUAwZuav:FA0v4ovo8NoLm5s5duBUAwJ

Score

10^/10

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Win32.PWSX-gen.19272.exe

Resource

win7-20231215-en

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Win32.PWSX-gen.19272.exe

Resource

win10v2004-20231222-en

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@RLREBORN Cloud TG: @FATHEROFCARDERS)

C2

141.95.211.148:46011

Targets

- Target
  
  SecuriteInfo.com.Win32.PWSX-gen.19272.7299
- Size
  
  329KB
- MD5
  
  927fa2810d057f5b7740f9fd3d0af3c9
- SHA1
  
  b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8
- SHA256
  
  9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9
- SHA512
  
  54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8
- SSDEEP
  
  6144:Y2A0vtQBor7oi2eemoLa9VBdH/Mz1KKd619AqUAwZuav:FA0v4ovo8NoLm5s5duBUAwJ
Score

10^/10

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline@rlreborn cloud tg: @fatherofcarders)discoveryinfostealerspywarestealer

behavioral2

redline@rlreborn cloud tg: @fatherofcarders)discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy