redline | c44c1e7f26b17b74b3650e6e728d02d4c1540fb9343ba49449bccc24d414a232 | Triage

Submit
Reports

Overview

overview

Static

static

3

582cf0470b...00.exe

windows7-x64

582cf0470b...00.exe

windows10-2004-x64

Sharing

General

Target

582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00.zip
Size

11.2MB
Sample

240303-sb844scg56
MD5

b48efca797e957f62154f5cecec71b49
SHA1

2af1600a575ed2e65933a9f5e30c869339cf1bf6
SHA256

c44c1e7f26b17b74b3650e6e728d02d4c1540fb9343ba49449bccc24d414a232
SHA512

0dd1b1d4e470d05b3db09479694178073fb3c11522d8259feb059d33db0626f9f730465b66109e22084b59b5c84d050a61229c01c6c8102190b2ea0a894a5649
SSDEEP

196608:66c7VWQMK2oaLNtEOcw2k42jjvh12TmdQY5LzvId2Gs+XrHtmwN8L5luX0t4M63R:66OVWc2oaLNqwm2j6T0zQQkBv8LCXRMu

Score

10^/10

redline gg discovery infostealer persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00.exe

Resource

win7-20240221-en

redline gg infostealer persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00.exe

Resource

win10v2004-20240226-en

redline gg discovery infostealer persistence spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

gg

C2

67.203.7.148:2909

Targets

- Target
  
  582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00.exe
- Size
  
  20.9MB
- MD5
  
  2e501240ec8b9aab46d76a6504e44882
- SHA1
  
  1a97d7662e66502faa5a7718565bb362eb6f27bd
- SHA256
  
  582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00
- SHA512
  
  eae4aacbfcee43ad8f9b2acbddb1b3b71c2aec0064bc6605107eb8b254614361c77984d09e7eabb91fc26634822ac448d8be884dd8f174021c52979690c2f97b
- SSDEEP
  
  98304:Kj1ZAxOCU3yUetDvB6ti3FOU8jRdqY9d2omTt20+NVZ:mAxOCU3yUetDvB6ti1aOTtlcVZ
Score

10^/10

redline gg infostealer persistence discovery spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinegginfostealerpersistence

behavioral2

redlineggdiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy