redline | 6ddc127f290360a3355bf8810ae441c8ee1cd9d52581faff36bdc8b40463b559 | Triage

Submit
Reports

Overview

overview

Static

static

3

abc5d7e2fe...2c.exe

windows7-x64

abc5d7e2fe...2c.exe

windows10-2004-x64

Sharing

General

Target

ebf299e666dd6d5e2e2bc6ceb3761665.bin
Size

648KB
Sample

240628-dv5tga1ekl
MD5

75b50e7d0b5839bd11fb9ea35b073425
SHA1

2e0fc468c9b7ae4b52b007d2fb110a35bbf3e3c1
SHA256

6ddc127f290360a3355bf8810ae441c8ee1cd9d52581faff36bdc8b40463b559
SHA512

9eae15f5fd70d3edf93c4c155879bd4907afdcc9a6d9e324f6ba0c405acdd43247506ff8cd158a00ecc7e3b3161f6e521ecc5ec3a5b07e58669da945be1fbde1
SSDEEP

12288:MtSdNiPCNRyJS+OiNq7ajQ2zS5i1Wzvw/5mbnf6oZkfUjZUfHt5rkvm/I:MIdJN3+Z5Jm81WzvrrRZkTNGOw

Score

10^/10

redline vip-mtn discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe

Resource

win7-20231129-en

redline vip-mtn discovery infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe

Resource

win10v2004-20240508-en

redline vip-mtn infostealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

VIP-MTN

C2

94.156.69.12:1912

Targets

- Target
  
  abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe
- Size
  
  661KB
- MD5
  
  ebf299e666dd6d5e2e2bc6ceb3761665
- SHA1
  
  e4de13126c1f575f2217faf8abb6ac47b35a3172
- SHA256
  
  abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c
- SHA512
  
  063323f0c3ba62dad9216556937e41f378463272feb014020578167f68bbfdc6dad399814de9b30815001268f0835b4b718ae58365566d67fe94e1a0ab7b80c6
- SSDEEP
  
  12288:GBUsFSdlab3dkVFQ9M6HvGSBvtMkMwyPTEpdjBSJlP0mhIzuEC96X7n0aeAhrim9:slFBNIFQKUvrB+k5tBSJVp4urM0aeAfE
Score

10^/10

redline vip-mtn discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinevip-mtndiscoveryinfostealerspywarestealer

behavioral2

redlinevip-mtninfostealer

© 2018-2024

Terms | Privacy