redline | 55654aa2658e9534d82f5c7763d8807c0fcf769b34119b42b0d456d56458edb2 | Triage

Submit
Reports

Overview

overview

Static

static

3

582cf0470b...00.exe

windows7-x64

582cf0470b...00.exe

windows10-2004-x64

Sharing

General

Target

2e501240ec8b9aab46d76a6504e44882.bin
Size

11.2MB
Sample

240305-bnnv9sah78
MD5

1f0957699f1e957de151288a169682fd
SHA1

b02116a9fc237aa174f022a1331dced1c97b5030
SHA256

55654aa2658e9534d82f5c7763d8807c0fcf769b34119b42b0d456d56458edb2
SHA512

98d5f5f90fc745df27e34a9a1392fd65fbcf94c8bb7b590d3680d1d071f4333e0e860b17f348d6dd7d4e20f2035a41068abd5cac01e8ed53161f0a69c31d1475
SSDEEP

196608:UjtYcNbNZgwFtUIGM8rECxUbvZ3hsWWnLXtCSHRyGRE22:Uj2cNJhtZG/rEjTZRZ2LdCS2

Score

10^/10

redline gg infostealer persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00.exe

Resource

win7-20240221-en

redline gg infostealer persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00.exe

Resource

win10v2004-20240226-en

redline gg infostealer persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

gg

C2

67.203.7.148:2909

Targets

- Target
  
  582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00.exe
- Size
  
  20.9MB
- MD5
  
  2e501240ec8b9aab46d76a6504e44882
- SHA1
  
  1a97d7662e66502faa5a7718565bb362eb6f27bd
- SHA256
  
  582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00
- SHA512
  
  eae4aacbfcee43ad8f9b2acbddb1b3b71c2aec0064bc6605107eb8b254614361c77984d09e7eabb91fc26634822ac448d8be884dd8f174021c52979690c2f97b
- SSDEEP
  
  98304:Kj1ZAxOCU3yUetDvB6ti3FOU8jRdqY9d2omTt20+NVZ:mAxOCU3yUetDvB6ti1aOTtlcVZ
Score

10^/10

redline gg infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinegginfostealerpersistence

behavioral2

redlinegginfostealerpersistence

© 2018-2024

Terms | Privacy