redline | cb4a22756f39ea5c69e24772b8eb6d004962196c683cc2d7742eb89e65836890 | Triage

Submit
Reports

Overview

overview

Static

static

3

39382629.exe

windows7-x64

39382629.exe

windows10-2004-x64

Sharing

General

Target

39382629.exe
Size

1.0MB
Sample

241225-lmntzs1rgr
MD5

e8baebcd4279a203d5d3b6b21f753e5b
SHA1

60382eed3e26e8b20830749b0c1a872057fd362e
SHA256

cb4a22756f39ea5c69e24772b8eb6d004962196c683cc2d7742eb89e65836890
SHA512

2624efc40e014e44f5cb9e3628d1d9c01d3424a9e48c2cc13d6d67de891d913dd055f1c615c6827d83e20807b12ddb722166c5c7ec7cd2c262f51e8c058c822d
SSDEEP

24576:Wj30ivvE/4NzF4xuY9lOJ9IQ32vfeSKzk0Oq3Gf:Wjki3E/44x3bOp2fqxOO

Score

10^/10

redline bot discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

39382629.exe

Resource

win7-20240708-en

redline bot discovery infostealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

39382629.exe

Resource

win10v2004-20241007-en

redline bot discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

BOT

C2

87.120.120.7:1912

Targets

- Target
  
  39382629.exe
- Size
  
  1.0MB
- MD5
  
  e8baebcd4279a203d5d3b6b21f753e5b
- SHA1
  
  60382eed3e26e8b20830749b0c1a872057fd362e
- SHA256
  
  cb4a22756f39ea5c69e24772b8eb6d004962196c683cc2d7742eb89e65836890
- SHA512
  
  2624efc40e014e44f5cb9e3628d1d9c01d3424a9e48c2cc13d6d67de891d913dd055f1c615c6827d83e20807b12ddb722166c5c7ec7cd2c262f51e8c058c822d
- SSDEEP
  
  24576:Wj30ivvE/4NzF4xuY9lOJ9IQ32vfeSKzk0Oq3Gf:Wjki3E/44x3bOp2fqxOO
Score

10^/10

redline bot discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinebotdiscoveryinfostealerspywarestealer

behavioral2

redlinebotdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy