redline | 11283eacf56982ad438e1060d9f11763c365f8ffedcf8e17f798b051f1a394db | Triage

Submit
Reports

Overview

overview

Static

static

SomeOne.exe

windows7-x64

SomeOne.exe

windows10-2004-x64

Sharing

General

Target

SomeOne.exe
Size

297KB
Sample

240226-1d8kcsge54
MD5

336a39a3965dba11c37cb930c36a9d34
SHA1

36a66cd92beccb3c1433d6618da4b9aec4d5ae85
SHA256

11283eacf56982ad438e1060d9f11763c365f8ffedcf8e17f798b051f1a394db
SHA512

6f146427200216a012fb143cb4415b98023e88da54776a24c14cd13b229d754d8710fd52a32edfe32ef3bcfd72af0349bc1e665f750241e613fadcd3ac95e336
SSDEEP

3072:nqFFrqwIOGaHy9MGSwTc4klV4w5qv65TlacJTrcfHIicZqf7D34deqiOLCbBOy:qBIOGu4kcw5hlVJTrqzcZqf7DInL

Score

10^/10

redline someone discovery infostealer spyware stealer

Static task

static1

someone redline

3 signatures

Behavioral task

behavioral1

Sample

SomeOne.exe

Resource

win7-20240221-en

redline someone discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

SomeOne.exe

Resource

win10v2004-20240226-en

redline someone discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

SomeOne

C2

67.203.7.148:2909

Targets

- Target
  
  SomeOne.exe
- Size
  
  297KB
- MD5
  
  336a39a3965dba11c37cb930c36a9d34
- SHA1
  
  36a66cd92beccb3c1433d6618da4b9aec4d5ae85
- SHA256
  
  11283eacf56982ad438e1060d9f11763c365f8ffedcf8e17f798b051f1a394db
- SHA512
  
  6f146427200216a012fb143cb4415b98023e88da54776a24c14cd13b229d754d8710fd52a32edfe32ef3bcfd72af0349bc1e665f750241e613fadcd3ac95e336
- SSDEEP
  
  3072:nqFFrqwIOGaHy9MGSwTc4klV4w5qv65TlacJTrcfHIicZqf7D34deqiOLCbBOy:qBIOGu4kcw5hlVJTrqzcZqf7DInL
Score

10^/10

redline someone discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesomeonediscoveryinfostealerspywarestealer

behavioral2

redlinesomeonediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy