redline | 53896a28c864d9849469b0d71efcb5ae0063f8b13c9bad6cfa040218b3de5a2d | Triage

Submit
Reports

Overview

overview

Static

static

virussign....c2.exe

windows7-x64

virussign....c2.exe

windows10-2004-x64

Sharing

General

Target

virussign.com_324cd2aa01131d3419364aef51cd95c2.vir
Size

297KB
Sample

240303-hteywaeh7y
MD5

324cd2aa01131d3419364aef51cd95c2
SHA1

bf31fe4a25cd9a83d59c03f6718a54838385ec3a
SHA256

53896a28c864d9849469b0d71efcb5ae0063f8b13c9bad6cfa040218b3de5a2d
SHA512

fea172b15721a761432b2e7db8919cd8ab8ae87c63e9a493864ccbc9a6f4d6bf793bd5bfa9eb26fe0ee075a1c8728383c5f672695a91cd84b67b0d845fccce11
SSDEEP

3072:nqFFrqwIOGaHy9MGSwTc4klV4w5qv65TlacJTrcfHIicZqf7D34deqiOLCbBOyj:qBIOGu4kcw5hlVJTrqzcZqf7DInLC

Score

10^/10

redline someone discovery infostealer spyware stealer

Static task

static1

someone redline

3 signatures

Behavioral task

behavioral1

Sample

virussign.com_324cd2aa01131d3419364aef51cd95c2.exe

Resource

win7-20240221-en

redline someone discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

virussign.com_324cd2aa01131d3419364aef51cd95c2.exe

Resource

win10v2004-20240226-en

redline someone discovery infostealer spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

SomeOne

C2

67.203.7.148:2909

Targets

- Target
  
  virussign.com_324cd2aa01131d3419364aef51cd95c2.vir
- Size
  
  297KB
- MD5
  
  324cd2aa01131d3419364aef51cd95c2
- SHA1
  
  bf31fe4a25cd9a83d59c03f6718a54838385ec3a
- SHA256
  
  53896a28c864d9849469b0d71efcb5ae0063f8b13c9bad6cfa040218b3de5a2d
- SHA512
  
  fea172b15721a761432b2e7db8919cd8ab8ae87c63e9a493864ccbc9a6f4d6bf793bd5bfa9eb26fe0ee075a1c8728383c5f672695a91cd84b67b0d845fccce11
- SSDEEP
  
  3072:nqFFrqwIOGaHy9MGSwTc4klV4w5qv65TlacJTrcfHIicZqf7D34deqiOLCbBOyj:qBIOGu4kcw5hlVJTrqzcZqf7DInLC
Score

10^/10

redline someone discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinesomeonediscoveryinfostealerspywarestealer

behavioral2

redlinesomeonediscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy