redline | eb4a47653abbe7e92a1d264521f00e82b485bf14fdde046aaa4291f495ae96f9 | Triage

Submit
Reports

Overview

overview

Static

static

a177d02e06...ff.exe

windows7-x64

a177d02e06...ff.exe

windows10-2004-x64

Sharing

General

Target

9aa8737202bac7dcc71ef4c77939f82b.bin
Size

118KB
Sample

240201-dbr39sbfgn
MD5

5606cb01fad8bd003345488fb18e4f95
SHA1

485e25863470fb73db3e8a3cdfe31b87b94911dd
SHA256

eb4a47653abbe7e92a1d264521f00e82b485bf14fdde046aaa4291f495ae96f9
SHA512

cc31b20810d219e80e0ce86ebf2974e3c721b4565ce44b65f0dd58aad01f8dce07bbc49b0467911813ff9728c8182dc78c3af683bdd41c55b613161977683068
SSDEEP

3072:5A1v4KT/+pVSljF5ZFlQCHloEKD735vNFBqGK3cv:yiKb+T+/ZIEaZ7pv3BqGKe

Score

10^/10

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer

Static task

static1

@rlreborn cloud tg: @fatherofcarders)redline

3 signatures

Behavioral task

behavioral1

Sample

a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff.exe

Resource

win7-20231215-en

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff.exe

Resource

win10v2004-20231215-en

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@RLREBORN Cloud TG: @FATHEROFCARDERS)

C2

141.95.211.148:46011

Targets

- Target
  
  a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff.exe
- Size
  
  313KB
- MD5
  
  9aa8737202bac7dcc71ef4c77939f82b
- SHA1
  
  25b29b7274fb3ef7d16052f8400d24540621aff9
- SHA256
  
  a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff
- SHA512
  
  aa55987a32b3e259376594df68a2008007353953a2bf390b44b908e5fdaee181d3b216aec46f8679aa5f5e4164a0a412511621c6249d3cab7e1eba86d8494a7a
- SSDEEP
  
  3072:UA0KubVwL+uacYOFq70W09SIg8DJn5MxfCpWLMRqfjDv/YheqiOL2bBO2:8Qpaw40r8IDYx64MRqfjD4jL
Score

10^/10

redline @rlreborn cloud tg: @fatherofcarders)discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

@rlreborn cloud tg: @fatherofcarders)redline

behavioral1

redline@rlreborn cloud tg: @fatherofcarders)discoveryinfostealerspywarestealer

behavioral2

redline@rlreborn cloud tg: @fatherofcarders)discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy