redline | a16fd6417221b9f760ee7417a78751d6621726e8d76ab8e82954596c8e99d79c | Triage

Submit
Reports

Overview

overview

Static

static

3

po4877383.exe

windows7-x64

po4877383.exe

windows10-2004-x64

Sharing

General

Target

po4877383.exe
Size

816KB
Sample

241202-l2yyhawlfq
MD5

a4fa8bbf123fa899ae788e1cf6b27d98
SHA1

e0866c961ba217c7a1dc4345cbade4d5f4deade4
SHA256

a16fd6417221b9f760ee7417a78751d6621726e8d76ab8e82954596c8e99d79c
SHA512

3eab239a9792b32b975271f28f8dd66e10c9f42ab38dbbc610e0e68de647cbf44d1e36ced85a5f976dbb702e61e7f227d61eb138d0c6d8f5e4ccf541ee3b4c1e
SSDEEP

12288:0+YNQKbM0NWWUV8v4oX3ZcPc9crEee9jc8zeb8BXw/ORnNyAd1n2l5usx+Xt7:0+QfWagwp9cbe28zeY4ORgrx

Score

10^/10

redline logs discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

po4877383.exe

Resource

win7-20240903-en

redline logs discovery infostealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

po4877383.exe

Resource

win10v2004-20241007-en

redline logs discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

LOGS

C2

87.120.120.86:1912

Targets

- Target
  
  po4877383.exe
- Size
  
  816KB
- MD5
  
  a4fa8bbf123fa899ae788e1cf6b27d98
- SHA1
  
  e0866c961ba217c7a1dc4345cbade4d5f4deade4
- SHA256
  
  a16fd6417221b9f760ee7417a78751d6621726e8d76ab8e82954596c8e99d79c
- SHA512
  
  3eab239a9792b32b975271f28f8dd66e10c9f42ab38dbbc610e0e68de647cbf44d1e36ced85a5f976dbb702e61e7f227d61eb138d0c6d8f5e4ccf541ee3b4c1e
- SSDEEP
  
  12288:0+YNQKbM0NWWUV8v4oX3ZcPc9crEee9jc8zeb8BXw/ORnNyAd1n2l5usx+Xt7:0+QfWagwp9cbe28zeY4ORgrx
Score

10^/10

redline logs discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinelogsdiscoveryinfostealerspywarestealer

behavioral2

redlinelogsdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy