redline | 31dd0e69fb3a0a0999aa228d766e36033bbf1e482bdb93912705850badfba7b0 | Triage

Submit
Reports

Overview

overview

Static

static

3

stl.exe

windows7-x64

stl.exe

windows10-1703-x64

stl.exe

windows10-2004-x64

stl.exe

windows11-21h2-x64

Sharing

General

Target

stl.exe
Size

511KB
Sample

240627-3fz24s1bmm
MD5

2d92c64d986c4640e4cb5bc41cb38821
SHA1

bfc8e36ac6e2e8e6d44cfbc421307bbd58036dd5
SHA256

31dd0e69fb3a0a0999aa228d766e36033bbf1e482bdb93912705850badfba7b0
SHA512

4975350e13824fe78e937fe9cf84f86d6de502e588cf219ba2d73a171b74af4382b6b134033cc4cb590a6068299422834192bc52613161d2ee362b6464caa962
SSDEEP

12288:A0NJCJ5go5P8YJ1ujzKSmWmfiV2gyZKa+oMXArnPsUx7GqnfYZr8uEFk:JDCAoZuaSmWm

Score

10^/10

redline 06-25-24 discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

stl.exe

Resource

win7-20240611-en

redline 06-25-24 infostealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

stl.exe

Resource

win10-20240404-en

redline 06-25-24 infostealer

windows10-1703-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

stl.exe

Resource

win10v2004-20240508-en

redline 06-25-24 infostealer

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

stl.exe

Resource

win11-20240508-en

redline 06-25-24 discovery infostealer spyware stealer

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

06-25-24

C2

85.28.47.7:17210

Targets

- Target
  
  stl.exe
- Size
  
  511KB
- MD5
  
  2d92c64d986c4640e4cb5bc41cb38821
- SHA1
  
  bfc8e36ac6e2e8e6d44cfbc421307bbd58036dd5
- SHA256
  
  31dd0e69fb3a0a0999aa228d766e36033bbf1e482bdb93912705850badfba7b0
- SHA512
  
  4975350e13824fe78e937fe9cf84f86d6de502e588cf219ba2d73a171b74af4382b6b134033cc4cb590a6068299422834192bc52613161d2ee362b6464caa962
- SSDEEP
  
  12288:A0NJCJ5go5P8YJ1ujzKSmWmfiV2gyZKa+oMXArnPsUx7GqnfYZr8uEFk:JDCAoZuaSmWm
Score

10^/10

redline 06-25-24 infostealer discovery spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline06-25-24infostealer

behavioral2

redline06-25-24infostealer

behavioral3

redline06-25-24infostealer

behavioral4

redline06-25-24discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy