redline

General

Target

a.zip
Size

214KB
Sample

241130-vjqnvayqez
MD5

d47f5972b60dcb6fcdcea7f2c449f1c9
SHA1

d64dd1c297ccce13a7128557a324c3e07225d9aa
SHA256

91255689302bcda6ac485811f1e989044c6c7640ea1e9b4dc98bac20b7d3c926
SHA512

a74b716f49528449f54456f861bf5d3b5b400eef130be4ef2c0c24fe9ca703d7f4477ece8f6fc38b236addaf9aedab208bf42f0849a3551eb6ddab3dba50799c
SSDEEP

6144:8Kc9Bd776ePMXJ+ocEnTXxZXZtHa8sbcPLceeLmSa:Zc9TXgXJ+oVhrtalbcDjeLmSa

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

Diamotrix

C2

176.111.174.140:1912

Targets

- Target
  
  a.zip
- Size
  
  214KB
- MD5
  
  d47f5972b60dcb6fcdcea7f2c449f1c9
- SHA1
  
  d64dd1c297ccce13a7128557a324c3e07225d9aa
- SHA256
  
  91255689302bcda6ac485811f1e989044c6c7640ea1e9b4dc98bac20b7d3c926
- SHA512
  
  a74b716f49528449f54456f861bf5d3b5b400eef130be4ef2c0c24fe9ca703d7f4477ece8f6fc38b236addaf9aedab208bf42f0849a3551eb6ddab3dba50799c
- SSDEEP
  
  6144:8Kc9Bd776ePMXJ+ocEnTXxZXZtHa8sbcPLceeLmSa:Zc9TXgXJ+oVhrtalbcDjeLmSa
Score

10^/10

redline diamotrix discovery infostealer persistence pyinstaller spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  a/3k netflix accs.txt
- Size
  
  102KB
- MD5
  
  581836837a6f38b229bceca43dd04774
- SHA1
  
  2033f1327c38319f539203c2f265e5410ce1841f
- SHA256
  
  e0cb882faeee4a46ae7785b26c042fc472ebec5de324c128087e7aea847c2111
- SHA512
  
  2f1eddc0b5230c811cc23d9be0ce37264331af98d886248dd6e2194c88f13b8a2046b03aeefb59106e5468bc4bd618d2ff3ca8274a3c14bc74a287c7bf01c66b
- SSDEEP
  
  1536:0ZIq2sMlncxwEEYFTqF+eLFT6rqYxozhWaJfUI7Bpc+JRJ50Lm2NFJkCezryTPLW:0ZIqUAOoTq/6rqYxi0Lm2WCwWXVHV+
Score

1^/10
behavioral3 behavioral4
- Target
  
  a/Netflix Checker v0.2.2.exe
- Size
  
  1.3MB
- MD5
  
  a4327898c6814b4c3abfff706d1190a1
- SHA1
  
  e77787afb0ef28c577f133c5df3afa6f6235d83f
- SHA256
  
  06d0ec937e36ab2c995ee8fda4ea3299dcd5764c31ed4d6248f12d7d709e11a0
- SHA512
  
  f211a015cfddee4ad2eb68221ae277368f7d2091d4ffe450ca3c3c9ed0b6ea6f44a57b9e8918a2f9ed89018748858eb150138df7a36462aa9e9cf1688220c852
- SSDEEP
  
  6144:dwjTEJu+ax2jFVQ4KjaklytOkRiJhtO07OCtO:dwjIJuDx2HQ4QgiJ3
Score

10^/10

redline diamotrix discovery infostealer persistence pyinstaller spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral5 behavioral6