redline | e252b3a5905c2493df2d5c0aa542ef5222f4df3bb502a0956dc4245d98b33b92 | Triage

Submit
Reports

Overview

overview

Static

static

3

e252b3a590...92.exe

windows7-x64

e252b3a590...92.exe

windows10-2004-x64

Sharing

General

Target

e252b3a5905c2493df2d5c0aa542ef5222f4df3bb502a0956dc4245d98b33b92
Size

575KB
Sample

241113-d47z7awamg
MD5

ebb324cc6b2c41b7b17c8ad426eeabf7
SHA1

e68f5e1f9f624ac51eb0132be1b0d45d397c31a8
SHA256

e252b3a5905c2493df2d5c0aa542ef5222f4df3bb502a0956dc4245d98b33b92
SHA512

0f916452902f174f3545ebff7665eacd255b7749737a0419c737cfd33d0645321959b63dda86aac0b29372f76e628bb9acc1b84dbaa707e6d71e903b182f828b
SSDEEP

12288:891WnKygIjVozbSH0IUADHHZgIT4G0cIKds3N:U1RIjFH0IUKHH2IxIKE

Score

10^/10

redline gena discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e252b3a5905c2493df2d5c0aa542ef5222f4df3bb502a0956dc4245d98b33b92.exe

Resource

win7-20240729-en

redline gena discovery infostealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e252b3a5905c2493df2d5c0aa542ef5222f4df3bb502a0956dc4245d98b33b92.exe

Resource

win10v2004-20241007-en

redline gena discovery infostealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

auth_value
d05bf43eef533e262271449829751d07

Targets

- Target
  
  e252b3a5905c2493df2d5c0aa542ef5222f4df3bb502a0956dc4245d98b33b92
- Size
  
  575KB
- MD5
  
  ebb324cc6b2c41b7b17c8ad426eeabf7
- SHA1
  
  e68f5e1f9f624ac51eb0132be1b0d45d397c31a8
- SHA256
  
  e252b3a5905c2493df2d5c0aa542ef5222f4df3bb502a0956dc4245d98b33b92
- SHA512
  
  0f916452902f174f3545ebff7665eacd255b7749737a0419c737cfd33d0645321959b63dda86aac0b29372f76e628bb9acc1b84dbaa707e6d71e903b182f828b
- SSDEEP
  
  12288:891WnKygIjVozbSH0IUADHHZgIT4G0cIKds3N:U1RIjFH0IUKHH2IxIKE
Score

10^/10

redline gena discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinegenadiscoveryinfostealer

behavioral2

redlinegenadiscoveryinfostealer

© 2018-2024

Terms | Privacy