redline | d504010bc91d49f497258c5cf3cc09608b22676c61a3c3a904ed5f6ce20a9ad7 | Triage

Submit
Reports

Overview

overview

Static

static

3

d504010bc9...7N.exe

windows7-x64

d504010bc9...7N.exe

windows10-2004-x64

Sharing

General

Target

d504010bc91d49f497258c5cf3cc09608b22676c61a3c3a904ed5f6ce20a9ad7N.exe
Size

582KB
Sample

241116-cfkz3swqds
MD5

c8ec649979379a72fff2076ce828de90
SHA1

96fd087a80dc44f3592cdb047ab673831a4bc90b
SHA256

d504010bc91d49f497258c5cf3cc09608b22676c61a3c3a904ed5f6ce20a9ad7
SHA512

68c3f842f21732c64dcb3f3b710ebd6d04e604e089ab1dbeb59c44fde40d32853fa902da15515e4fdd7f1a1edd12f2a84bf477c60d4a4e8985c28c10d7b9eb3b
SSDEEP

12288:J71d9GZJOFHzMHUl/ilYMUp4AU/tRI7hra:l1uE9p6lZUGAOI78

Score

10^/10

redline gena discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d504010bc91d49f497258c5cf3cc09608b22676c61a3c3a904ed5f6ce20a9ad7N.exe

Resource

win7-20240729-en

redline gena discovery infostealer

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

d504010bc91d49f497258c5cf3cc09608b22676c61a3c3a904ed5f6ce20a9ad7N.exe

Resource

win10v2004-20241007-en

redline gena discovery infostealer

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

auth_value
d05bf43eef533e262271449829751d07

Targets

- Target
  
  d504010bc91d49f497258c5cf3cc09608b22676c61a3c3a904ed5f6ce20a9ad7N.exe
- Size
  
  582KB
- MD5
  
  c8ec649979379a72fff2076ce828de90
- SHA1
  
  96fd087a80dc44f3592cdb047ab673831a4bc90b
- SHA256
  
  d504010bc91d49f497258c5cf3cc09608b22676c61a3c3a904ed5f6ce20a9ad7
- SHA512
  
  68c3f842f21732c64dcb3f3b710ebd6d04e604e089ab1dbeb59c44fde40d32853fa902da15515e4fdd7f1a1edd12f2a84bf477c60d4a4e8985c28c10d7b9eb3b
- SSDEEP
  
  12288:J71d9GZJOFHzMHUl/ilYMUp4AU/tRI7hra:l1uE9p6lZUGAOI78
Score

10^/10

redline gena discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinegenadiscoveryinfostealer

behavioral2

redlinegenadiscoveryinfostealer

© 2018-2024

Terms | Privacy