redline | cedfb47b22871e12b67b3d7d01e4eb1bcad63bf61dfab89db5acde64cc12832b | Triage

Submit
Reports

Overview

overview

Static

static

3

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

990KB
Sample

240424-nfvp3ahc26
MD5

9056dca80b3431615d63b13b72ca143c
SHA1

cf9122b3b7f57f0f4cd6ff8303417f1f6279a80c
SHA256

cedfb47b22871e12b67b3d7d01e4eb1bcad63bf61dfab89db5acde64cc12832b
SHA512

13a26a8d261ff4c6d83158ea0d7d99aac670159fca9f2a6b1e180ed9be1bdd5abdceab2fc232774f828c61d3aa267f29cebc22fe3d276fd0ae8d7e4681f38fb2
SSDEEP

12288:dRMAkWbP+k/ldbNxhZcKMMbm8gtnwaJioTTQ3AwHuwZ+U4cxV0q4Z5g1:HMAkCP+k/l7xhZcKMwmSajn/U4cO2

Score

10^/10

redline 900751123 discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20240221-en

redline infostealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20240412-en

redline 900751123 discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

900751123

C2

https://pastebin.com/raw/KE5Mft0T

Targets

- Target
  
  tmp
- Size
  
  990KB
- MD5
  
  9056dca80b3431615d63b13b72ca143c
- SHA1
  
  cf9122b3b7f57f0f4cd6ff8303417f1f6279a80c
- SHA256
  
  cedfb47b22871e12b67b3d7d01e4eb1bcad63bf61dfab89db5acde64cc12832b
- SHA512
  
  13a26a8d261ff4c6d83158ea0d7d99aac670159fca9f2a6b1e180ed9be1bdd5abdceab2fc232774f828c61d3aa267f29cebc22fe3d276fd0ae8d7e4681f38fb2
- SSDEEP
  
  12288:dRMAkWbP+k/ldbNxhZcKMMbm8gtnwaJioTTQ3AwHuwZ+U4cxV0q4Z5g1:HMAkCP+k/l7xhZcKMwmSajn/U4cO2
Score

10^/10

redline infostealer 900751123 discovery spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redline900751123discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy