redline | 688851b3d020213958e978a00a32113326d2ee66a6bfc5cceb279e393da2ea86 | Triage

Submit
Reports

Overview

overview

Static

static

3

688851b3d0...86.exe

windows7-x64

688851b3d0...86.exe

windows10-2004-x64

$TEMP/F1ga...ed.exe

windows7-x64

$TEMP/F1ga...ed.exe

windows10-2004-x64

$TEMP/Shortfalls.exe

windows7-x64

4

$TEMP/Shortfalls.exe

windows10-2004-x64

3

Sharing

General

Target

688851b3d020213958e978a00a32113326d2ee66a6bfc5cceb279e393da2ea86
Size

3.8MB
Sample

241221-tne78sspdk
MD5

61cdf7e4eca424c763178c94c7ef760f
SHA1

f2096fd54988dbf5a8a9dab58bbd2f919661c5ab
SHA256

688851b3d020213958e978a00a32113326d2ee66a6bfc5cceb279e393da2ea86
SHA512

6eb87a0bc294d6e4920fc82e9ae2ec397f2a3e31fde8a03644f21216e91aa27148b99e5ae8c92ef9a930ec20c9306a97b33e316fb8b8b981cde9a5df10920812
SSDEEP

98304:nyBQbqAIBax9N1kCvwYxgAmZtd6xcN2QBYMYhRkbp97:nyIioXwYOAgd6KX9Y/y3

Score

10^/10

redline discovery infostealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

688851b3d020213958e978a00a32113326d2ee66a6bfc5cceb279e393da2ea86.exe

Resource

win7-20240903-en

redline discovery infostealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

688851b3d020213958e978a00a32113326d2ee66a6bfc5cceb279e393da2ea86.exe

Resource

win10v2004-20241007-en

redline discovery infostealer

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral3

Sample

$TEMP/F1gaSebe_crypted.exe

Resource

win7-20240903-en

redline discovery infostealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

$TEMP/F1gaSebe_crypted.exe

Resource

win10v2004-20241007-en

redline discovery infostealer

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral5

Sample

$TEMP/Shortfalls.exe

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral6

Sample

$TEMP/Shortfalls.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

91.243.32.73:7171

Attributes

auth_value
f0eaa7ad30bc41521e3d61c8504e5715

Targets

- Target
  
  688851b3d020213958e978a00a32113326d2ee66a6bfc5cceb279e393da2ea86
- Size
  
  3.8MB
- MD5
  
  61cdf7e4eca424c763178c94c7ef760f
- SHA1
  
  f2096fd54988dbf5a8a9dab58bbd2f919661c5ab
- SHA256
  
  688851b3d020213958e978a00a32113326d2ee66a6bfc5cceb279e393da2ea86
- SHA512
  
  6eb87a0bc294d6e4920fc82e9ae2ec397f2a3e31fde8a03644f21216e91aa27148b99e5ae8c92ef9a930ec20c9306a97b33e316fb8b8b981cde9a5df10920812
- SSDEEP
  
  98304:nyBQbqAIBax9N1kCvwYxgAmZtd6xcN2QBYMYhRkbp97:nyIioXwYOAgd6KX9Y/y3
Score

10^/10

redline discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $TEMP/F1gaSebe_crypted.exe
- Size
  
  807KB
- MD5
  
  5f6b473388665e4c29cf86b97acd05f0
- SHA1
  
  6cc67923b21ef5df391b211243e9bca3f47851dc
- SHA256
  
  616ceb62d1c53a9837635e51abd73b8c717a9d20b1cc882d1420a46c385d8304
- SHA512
  
  de3253a8714558da0621dbfcf72e4bceeed563785158f2830061f54d6b14b6a1eeb5d7abf349b9566ebcbb38afc4a0f8757ef94eae58e4eea578a98b4633fd66
- SSDEEP
  
  12288:ymvQ2piRFz9kBAMKsikenkh52IdhvVjF:y+Smbj
Score

10^/10

redline discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  $TEMP/Shortfalls.exe
- Size
  
  3.6MB
- MD5
  
  1b8ae5c577608b9f780b3ad704679e0a
- SHA1
  
  4402007d8e5ca59fe704d543a417c77e39dce762
- SHA256
  
  039a6fd68c38bd081e9bca0181187df2653e501b5795d24ad6f895cf81c50bdf
- SHA512
  
  9cc97013331ef3d4fbce1d1656ee5a28c193a50eabbf8fd75f2f1a8c57c00d2b32f82bdb35896209e3d7e24babfed607656b6e4a11a910fa099fbc25340587b3
- SSDEEP
  
  98304:Gm+wj+XNf1GKVwspuM2ntX8RIx44l6MeNDkVly:262xwssMcX8q/bex2
Score

4^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealer

behavioral2

redlinediscoveryinfostealer

behavioral3

redlinediscoveryinfostealer

behavioral4

redlinediscoveryinfostealer

behavioral5

behavioral6

© 2018-2024

Terms | Privacy