redline | b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
Size

297KB
Sample

240627-2796qaxdpf
MD5

5d860e52bfa60fec84b6a46661b45246
SHA1

1259e9f868d0d80ac09aadb9387662347cd4bd68
SHA256

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
SHA512

04ea5757d01508a44e0152b3aa78f530908da649d59b8ce7ee3e15c2d4d0314c97f346c1e79b1810edb27165d04781c022937d02536dc9b1dd4c55f023a47701
SSDEEP

3072:WqFFrqwIOGdTypEmz07sFPaF16CVyeR+LhdwT5TZMfvgZcZqf7D34NeqiOLCbBOy:tBIOG6hPPLd05TZaYcZqf7DI3L

Score

10^/10

redline ama discovery infostealer spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30.exe

Resource

win7-20240508-en

redline ama infostealer

windows7-x64

2 signatures

300 seconds

Behavioral task

behavioral2

Sample

b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30.exe

Resource

win10-20240404-en

redline ama discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

AMA

C2

185.215.113.67:40960

Targets

- Target
  
  b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
- Size
  
  297KB
- MD5
  
  5d860e52bfa60fec84b6a46661b45246
- SHA1
  
  1259e9f868d0d80ac09aadb9387662347cd4bd68
- SHA256
  
  b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
- SHA512
  
  04ea5757d01508a44e0152b3aa78f530908da649d59b8ce7ee3e15c2d4d0314c97f346c1e79b1810edb27165d04781c022937d02536dc9b1dd4c55f023a47701
- SSDEEP
  
  3072:WqFFrqwIOGdTypEmz07sFPaF16CVyeR+LhdwT5TZMfvgZcZqf7D34NeqiOLCbBOy:tBIOG6hPPLd05TZaYcZqf7DI3L
Score

10^/10

redline ama infostealer discovery spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlineamainfostealer

behavioral2

redlineamadiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy