redline | d53489dc94909b5311f4aa5e28f766dc836f135cc6a1418c6f371a659a024d8d | Triage

Submit
Reports

Overview

overview

Static

static

3

file.exe

windows7-x64

1

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

489KB
Sample

240430-3dnw3aad2x
MD5

4d17fb12478532b67c678512420bee52
SHA1

e9bbe139c41279afe78874d8aa00e7c660aef1f0
SHA256

d53489dc94909b5311f4aa5e28f766dc836f135cc6a1418c6f371a659a024d8d
SHA512

1693917d2cc7397c8c5de606fbffd272d2a35734e51232c63bed807e1b0f51957c2b65e8e0efed46ccab712383d607a39e35d13d3bc7de1e98fca53729bf9ef5
SSDEEP

6144:Eg4e4T9nr4MVSXQ5igPlID/MeVoQnKP2i+y4QIhI0v/u3fmeSPyJgeyrjPb1:Ae4T9EgLPGMeJnKPuyXG/SNSZjP

Score

10^/10

redline @logscloudyt_bot discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20240426-en

redline @logscloudyt_bot discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@LOGSCLOUDYT_BOT

C2

185.172.128.33:8970

Targets

- Target
  
  file.exe
- Size
  
  489KB
- MD5
  
  4d17fb12478532b67c678512420bee52
- SHA1
  
  e9bbe139c41279afe78874d8aa00e7c660aef1f0
- SHA256
  
  d53489dc94909b5311f4aa5e28f766dc836f135cc6a1418c6f371a659a024d8d
- SHA512
  
  1693917d2cc7397c8c5de606fbffd272d2a35734e51232c63bed807e1b0f51957c2b65e8e0efed46ccab712383d607a39e35d13d3bc7de1e98fca53729bf9ef5
- SSDEEP
  
  6144:Eg4e4T9nr4MVSXQ5igPlID/MeVoQnKP2i+y4QIhI0v/u3fmeSPyJgeyrjPb1:Ae4T9EgLPGMeJnKPuyXG/SNSZjP
Score

10^/10

redline @logscloudyt_bot discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redline@logscloudyt_botdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy