redline | bcbdd1065dc9b66a07d5a55ae135c6094d3adf281096f55fbab12b48f84edc79 | Triage

Submit
Reports

Overview

overview

Static

static

3

0b9ee92def...25.exe

windows7-x64

0b9ee92def...25.exe

windows10-2004-x64

Sharing

General

Target

0b9ee92def8b51187620c6c4a261bb25.exe
Size

784KB
Sample

240422-29pb2ahe88
MD5

0b9ee92def8b51187620c6c4a261bb25
SHA1

716a87b7bcee2f406cf15a77d950148271daae43
SHA256

bcbdd1065dc9b66a07d5a55ae135c6094d3adf281096f55fbab12b48f84edc79
SHA512

68c42e3a1ef0dbebed0c7783d953373dada3e292fd4728cf0870327015efa64e814bb05109eddc35f749e266130bc51421f570ad94437dfa842625c4908ba50b
SSDEEP

24576:8bOPsfamTSqVjX7+CEw3zq0Dd+82AyPurkgiImYBn5:mIsfr+qJ6CEyzq0Db73BZl5

Score

10^/10

redline new discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0b9ee92def8b51187620c6c4a261bb25.exe

Resource

win7-20240221-en

redline new discovery infostealer spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b9ee92def8b51187620c6c4a261bb25.exe

Resource

win10v2004-20240412-en

redline new discovery infostealer spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

new

C2

91.92.250.88:16964

Targets

- Target
  
  0b9ee92def8b51187620c6c4a261bb25.exe
- Size
  
  784KB
- MD5
  
  0b9ee92def8b51187620c6c4a261bb25
- SHA1
  
  716a87b7bcee2f406cf15a77d950148271daae43
- SHA256
  
  bcbdd1065dc9b66a07d5a55ae135c6094d3adf281096f55fbab12b48f84edc79
- SHA512
  
  68c42e3a1ef0dbebed0c7783d953373dada3e292fd4728cf0870327015efa64e814bb05109eddc35f749e266130bc51421f570ad94437dfa842625c4908ba50b
- SSDEEP
  
  24576:8bOPsfamTSqVjX7+CEw3zq0Dd+82AyPurkgiImYBn5:mIsfr+qJ6CEyzq0Db73BZl5
Score

10^/10

redline new discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinenewdiscoveryinfostealerspywarestealer

behavioral2

redlinenewdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy