redline | 8f150114b4d2d9b1de24ff8b6eef3706935868d54464c68b9b0ad1c4c8a962d7 | Triage

Submit
Reports

Overview

overview

Static

static

3

679d5cdadc...2d.exe

windows7-x64

679d5cdadc...2d.exe

windows10-2004-x64

Sharing

General

Target

679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d.zip
Size

1.6MB
Sample

240402-qs211sbd9z
MD5

8d52710645dc281f9ef0ca4fa91d62f7
SHA1

b3b98dfce5a0c56235e52dd2a880a59e7d3297ac
SHA256

8f150114b4d2d9b1de24ff8b6eef3706935868d54464c68b9b0ad1c4c8a962d7
SHA512

fc0b6de6952c448730552e6bebce07aac8d88dba7c32d7e177f46ad0dedadda7c6ff62f06d4d9f9666748cbf2e57c1458dda565d83c2ee2331b4313858a2a472
SSDEEP

49152:FZT60lh0VSoZ95fmMbkR4kIS+DUti11es8xq6/:jw95Dbwx5+DUwnesHC

Score

10^/10

redline 1 discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d.exe

Resource

win7-20240221-en

redline 1 discovery infostealer spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d.exe

Resource

win10v2004-20240226-en

redline 1 discovery infostealer spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

77.221.156.45:18734

Targets

- Target
  
  679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d.exe
- Size
  
  1.9MB
- MD5
  
  1a933b075452db624a756f76662a0614
- SHA1
  
  264bedf3867851461ea52b75650f414fcebb61ef
- SHA256
  
  679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d
- SHA512
  
  8f84c2c548d5774c5e942cef1dc5e0eb6e82a79d22a30b636bf0a98fad535cfab5e77a380c1c167ea33caca1ee397e64490eff0672cc915d1c8e797eb63e1071
- SSDEEP
  
  24576:GubsnafAPyjSzuubsnafAPyjZrilCQZCC3kmnrAa1rmqUeIiVfox2oTVZHeBFpUH:YI4wI1iln73XnrA0dqiFoHcpfi/Znqh0
Score

10^/10

redline 1 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline1discoveryinfostealerspywarestealer

behavioral2

redline1discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy