redline | 10df04c2c19b07effef5a2b118ec099e6fb9d98a10e98ae2b6945fa4004dd444 | Triage

Submit
Reports

Overview

overview

Static

static

3

255cb2aeea...a7.exe

windows7-x64

255cb2aeea...a7.exe

windows10-2004-x64

Sharing

General

Target

10df04c2c19b07effef5a2b118ec099e6fb9d98a10e98ae2b6945fa4004dd444
Size

13.2MB
Sample

241109-q18hrsvhpp
MD5

03c0597e81e58bdf1e0dc7c181798052
SHA1

ded04185db926672b2efc03dc4029ff72b87be52
SHA256

10df04c2c19b07effef5a2b118ec099e6fb9d98a10e98ae2b6945fa4004dd444
SHA512

ba74296677bacc942d751f09a308b2710942806aa6ebbeb7d46855201cd0c19b87b2dc7d92b789734a4793a0453b06e4482751d8944533c8b9f4cc8936b29325
SSDEEP

196608:VwnulVi7y1kWz3Jr9MCg5N9zOfUhoQFuFnglllfNMHYRxILVMSI/R84h:+u++DLJry7N9KfUqQ8FgnlfN825h

Score

10^/10

redline 5350206221 credential_access discovery infostealer stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7.exe

Resource

win7-20240903-en

redline 5350206221 discovery infostealer upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7.exe

Resource

win10v2004-20241007-en

redline 5350206221 credential_access discovery infostealer stealer upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

5350206221

C2

195.20.17.139:80

Attributes

auth_value
cf75908d75b4508135a38c8679c86f6e

Targets

- Target
  
  255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7.exe
- Size
  
  13.5MB
- MD5
  
  9f390e9ca00464a6f7e1ce321baceb22
- SHA1
  
  d5d813e0bad5c64cd95b23919eba1432778b7965
- SHA256
  
  255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7
- SHA512
  
  54b958487f40537c80374acb37d0cec27bb169fc5549768fb05a161de1a10546cea7c6be1d59df5fb615ed8285f0bf03f33203a1ec0a28fcc6694497e6a6ee2f
- SSDEEP
  
  393216:M1xsX4B8eD3F+oI9KtC9I5cfZLxsaZf4nT70mrsMYd:M1GI9FQmOfZLSP0Qc
Score

10^/10

redline 5350206221 discovery infostealer upx credential_access stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Modify Authentication Process

Steal Web Session Cookie

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline5350206221discoveryinfostealerupx

behavioral2

redline5350206221credential_accessdiscoveryinfostealerstealerupx

© 2018-2024

Terms | Privacy