redline | 53e9bec7369824cc6c1c0823afd428d6c8b3156870527b72916c1cb898e3f43d | Triage

Submit
Reports

Overview

overview

Static

static

dcf8679430...09.exe

windows7-x64

dcf8679430...09.exe

windows10-2004-x64

Sharing

General

Target

dcf8679430bc69cfc5eb65f4dabf4f09.exe
Size

305KB
Sample

240424-pwrtsaaa84
MD5

dcf8679430bc69cfc5eb65f4dabf4f09
SHA1

9710f630423d29c6f3b5896eb47de41a57086275
SHA256

53e9bec7369824cc6c1c0823afd428d6c8b3156870527b72916c1cb898e3f43d
SHA512

3e685e2cae493a05c8a5a13d9513cb9b2e94054e7da92a34e87d2eba549e43801664e0beaa3229d9f4389911868bd31a66563c445055e18e648d7c893299b2bf
SSDEEP

6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Score

10^/10

redline spoo discovery infostealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

dcf8679430bc69cfc5eb65f4dabf4f09.exe

Resource

win7-20231129-en

redline spoo discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

dcf8679430bc69cfc5eb65f4dabf4f09.exe

Resource

win10v2004-20240412-en

redline spoo discovery infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Targets

- Target
  
  dcf8679430bc69cfc5eb65f4dabf4f09.exe
- Size
  
  305KB
- MD5
  
  dcf8679430bc69cfc5eb65f4dabf4f09
- SHA1
  
  9710f630423d29c6f3b5896eb47de41a57086275
- SHA256
  
  53e9bec7369824cc6c1c0823afd428d6c8b3156870527b72916c1cb898e3f43d
- SHA512
  
  3e685e2cae493a05c8a5a13d9513cb9b2e94054e7da92a34e87d2eba549e43801664e0beaa3229d9f4389911868bd31a66563c445055e18e648d7c893299b2bf
- SSDEEP
  
  6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score

10^/10

redline spoo discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinespoodiscoveryinfostealerspywarestealer

behavioral2

redlinespoodiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy