redline | d47e5b2f2e7ceaaa0ed233fa834340859543b4b52f79f56d1524e5ff59ff7458 | Triage

Submit
Reports

Overview

overview

Static

static

3

d47e5b2f2e...58.exe

windows7-x64

d47e5b2f2e...58.exe

windows10-2004-x64

Sharing

General

Target

d47e5b2f2e7ceaaa0ed233fa834340859543b4b52f79f56d1524e5ff59ff7458.exe
Size

325KB
Sample

240423-cddg8abd9t
MD5

c1ccdae0143c09701899efb5bbdd9e10
SHA1

c2d598b52379983d8e9e92d5da3f0412c474eff2
SHA256

d47e5b2f2e7ceaaa0ed233fa834340859543b4b52f79f56d1524e5ff59ff7458
SHA512

df28c24b060467de8ff4a2e464062ef3d12d2dfbb493d28b3a5b6d494e19797081da61140695e4f346bd9edc03a20e6252553695b6dcfe329c33744daba7c497
SSDEEP

6144:q7XPXBi74sHg9Nvhq6AXK4AjOqWvzTkGmXS:qFOHg9QOWvzzmXS

Score

10^/10

redline 7001210066 infostealer spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d47e5b2f2e7ceaaa0ed233fa834340859543b4b52f79f56d1524e5ff59ff7458.exe

Resource

win7-20240220-en

redline 7001210066 infostealer spyware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d47e5b2f2e7ceaaa0ed233fa834340859543b4b52f79f56d1524e5ff59ff7458.exe

Resource

win10v2004-20240412-en

redline 7001210066 infostealer spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

7001210066

C2

https://pastebin.com/raw/KE5Mft0T

Targets

- Target
  
  d47e5b2f2e7ceaaa0ed233fa834340859543b4b52f79f56d1524e5ff59ff7458.exe
- Size
  
  325KB
- MD5
  
  c1ccdae0143c09701899efb5bbdd9e10
- SHA1
  
  c2d598b52379983d8e9e92d5da3f0412c474eff2
- SHA256
  
  d47e5b2f2e7ceaaa0ed233fa834340859543b4b52f79f56d1524e5ff59ff7458
- SHA512
  
  df28c24b060467de8ff4a2e464062ef3d12d2dfbb493d28b3a5b6d494e19797081da61140695e4f346bd9edc03a20e6252553695b6dcfe329c33744daba7c497
- SSDEEP
  
  6144:q7XPXBi74sHg9Nvhq6AXK4AjOqWvzTkGmXS:qFOHg9QOWvzzmXS
Score

10^/10

redline 7001210066 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline7001210066infostealerspyware

behavioral2

redline7001210066infostealerspyware

© 2018-2024

Terms | Privacy