redline | 30d995dc0ef6dfcba441aa7dd0fea9f0b06b45761e41262ebd28985b07b531bf | Triage

Submit
Reports

Overview

overview

Static

static

3

b3b2087943...b3.exe

windows7-x64

7

b3b2087943...b3.exe

windows10-2004-x64

Sharing

General

Target

b3b20879435d7d70a86da573a957fcb3.exe
Size

15.2MB
Sample

240528-snfnbsaa7s
MD5

b3b20879435d7d70a86da573a957fcb3
SHA1

bd2f12135c006bc472f4b1df3b6262015c58d84b
SHA256

30d995dc0ef6dfcba441aa7dd0fea9f0b06b45761e41262ebd28985b07b531bf
SHA512

eba24fa9b458b084f131a7f546d8ad0758f06ea87ac151265826f07de642bf3f8cf991cf39421b82de272720e4ce6c90fc190266d34ace6cd6efdd1a3eef37ef
SSDEEP

393216:TCvQ2nevfp3uEJWQsUcR4NzK1+TtIirvB5IjWqkzw:z2evB3uEYQFS1QtIo3ILr

Score

10^/10

redline raijin, mybestdog discovery infostealer pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b3b20879435d7d70a86da573a957fcb3.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

b3b20879435d7d70a86da573a957fcb3.exe

Resource

win10v2004-20240508-en

redline raijin, mybestdog discovery infostealer spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Raijin, Mybestdog

C2

51.195.53.197:13914

Targets

- Target
  
  b3b20879435d7d70a86da573a957fcb3.exe
- Size
  
  15.2MB
- MD5
  
  b3b20879435d7d70a86da573a957fcb3
- SHA1
  
  bd2f12135c006bc472f4b1df3b6262015c58d84b
- SHA256
  
  30d995dc0ef6dfcba441aa7dd0fea9f0b06b45761e41262ebd28985b07b531bf
- SHA512
  
  eba24fa9b458b084f131a7f546d8ad0758f06ea87ac151265826f07de642bf3f8cf991cf39421b82de272720e4ce6c90fc190266d34ace6cd6efdd1a3eef37ef
- SSDEEP
  
  393216:TCvQ2nevfp3uEJWQsUcR4NzK1+TtIirvB5IjWqkzw:z2evB3uEYQFS1QtIo3ILr
Score

10^/10

redline raijin, mybestdog discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

redlineraijin, mybestdogdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy